Back to skill
Skillv0.1.1
VirusTotal security
Web Fetcher · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:36 AM
- Hash
- f405511c96d90599559816419a7ae6f23dc4a485d789c3acbeca1906db96fcfa
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: web-fetcher Version: 0.1.1 The skill bundle implements a comprehensive web content fetcher that utilizes high-risk capabilities such as executing external binaries (yt-dlp, scrapling) via subprocess calls in lib/video.py and lib/article.py, and performing browser automation with JavaScript injection in lib/feishu.py. While these behaviors are aligned with the stated purpose of scraping articles and downloading videos, the use of shell execution and broad network access for arbitrary URLs represents a significant attack surface for argument injection and SSRF. No evidence of intentional malice, such as data exfiltration or backdoors, was identified.
- External report
- View on VirusTotal