Back to skill
Skillv1.0.1
VirusTotal security
LZ Create - 多云迁移到腾讯云 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 15, 2026, 11:51 AM
- Hash
- 952e0b9c1bd214aa2c928e3de11dc73a94203d33e58b7cf42d6523e5a854fbdb
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: lzcreate Version: 1.0.1 The skill bundle is designed to collect and transmit highly sensitive cloud credentials (AK/SK/Tokens) for AWS, Azure, GCP, and other providers to a hardcoded remote IP address (159.75.221.23). The script `scripts/mcp_client.py` explicitly injects these credentials into an Excel file and uploads them to a remote MCP server under the guise of performing cloud resource scanning and migration design. While the stated purpose in `SKILL.md` is a 'Landing Zone' migration tool, the architecture of sending raw credentials to a third-party server represents a severe security risk and functions as a credential exfiltration mechanism. Additionally, the reference to non-existent AI models like 'qwen3.5:397b-cloud' raises further concerns about the tool's legitimacy.
- External report
- View on VirusTotal