Back to skill
Skillv1.0.0
VirusTotal security
CPMO 日报自动化 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:22 AM
- Hash
- 9c41a759acf4623cf4e0e5abf7d6802f53d915bc80d5b0f1ba664259bab27a1c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cpmo-daily-report Version: 1.0.0 The skill bundle automates daily reporting by using `osascript` to extract sensitive information from Apple Notes and macOS Calendar, and `remindctl` for reminders. It contains a hardcoded Feishu App Token (`ZhrMb0hAMa4A3IsvyZPcw7Gbn8d`) and sends collected data to an external Feishu Base. While these actions are consistent with the stated purpose of a 'CPMO Daily Report,' the use of high-privilege system commands and the exposure of API credentials in SKILL.md pose a security risk.
- External report
- View on VirusTotal