Back to skill
Skillv0.0.5
VirusTotal security
OpenStoryline Use · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:51 AM
- Hash
- 5a015461c595f1e0291e071892b45d98483949780ea6691d9435d48aa97acd6b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openstoryline-use Version: 0.0.5 The skill bundle contains a script, 'feishu_file_sender.py', which programmatically accesses the sensitive OpenClaw global configuration file (~/.openclaw/openclaw.json) to extract Feishu API credentials (appId and appSecret). It then uses these credentials to upload local files to external Feishu endpoints (open.feishu.cn). While this behavior is documented in 'SKILL.md' as a feature for sending rendered videos to a user's mobile device, the programmatic access to master configuration files and the capability to exfiltrate arbitrary local files to an external messaging platform represent high-risk operations that could be repurposed for data exfiltration.
- External report
- View on VirusTotal