Back to skill
Skillv1.0.0
VirusTotal security
Web Scout · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:40 AM
- Hash
- f0b1b8533aaa3a1a5d32ba7539169dcd07a84933a374b17066004b0190b1e59f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: web-scout Version: 1.0.0 This skill bundle is classified as suspicious due to its explicit requirement for the `exec` tool, which enables arbitrary shell command execution, creating a significant attack surface for prompt injection. Key indicators include instructions to run `docker run` with an external image (`xpzouying/xiaohongshu-mcp`) and examples of `python3 -c` execution, both found in `SKILL.md`. While these capabilities are presented for the stated purpose of web scouting, they introduce high-risk vulnerabilities and supply chain risks, allowing for potential arbitrary code execution and host compromise if the agent is prompted maliciously or if external dependencies are compromised. There is no clear evidence of intentional malicious behavior by the skill itself, but rather a collection of powerful, risky capabilities.
- External report
- View on VirusTotal