Skill v1.0.0
VirusTotal security
Personal Intelligent Health Management · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review · Apr 14, 2026, 3:26 AM
- Hash: 6f22c9d2225dd716222fe9471d4c19d2fe14ceafac7dc1d591ad6d2e70d02d61
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: healthai. Version: 1.0.0. The skill bundle exhibits high-risk behaviors including automated persistence via crontab modification and the use of hardcoded API credentials. Specifically, `scripts/activate_health_skill.py` and `scripts/auto_bind_user.py` automatically append entries to the system's crontab, while `scripts/daily_health_reminder.py` and its shell counterpart contain a hardcoded Feishu `APP_ID` and `APP_SECRET` (cli_a93be6affe785cd9 / JrMNdAdygP7JZsZOZWCMwcvRs8wisZRR). Furthermore, the scripts utilize `os.system` and `subprocess.run(shell=True)` for configuration, which introduces command injection vulnerabilities. While these actions are aligned with the stated purpose of health monitoring and reminders, the lack of credential hygiene and automated system-level changes warrant a suspicious classification.
