Back to skill
Skillv1.0.0
VirusTotal security
Rss Ai Reader · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:18 AM
- Hash
- fd069095ad4e18d8212cb1780d618c76e53c70083b2ba80194ffe1dfa24355ec
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: rss-ai-reader Version: 1.0.0 The skill instructs the agent to clone and execute code from an external GitHub repository (https://github.com/BENZEMA216/rss-reader.git) via `git clone` and `pip install -r requirements.txt` commands in `SKILL.md`. This introduces a significant supply chain risk, as the actual code being run is not part of the analyzed bundle. Additionally, the skill is designed to handle multiple sensitive API keys and passwords (for LLMs, Feishu, Telegram, and Email SMTP) as environment variables or in configuration files, as detailed in `SKILL.md` and `references/config_guide.md`, increasing the potential attack surface for credential compromise if the external code were malicious.
- External report
- View on VirusTotal