Back to skill
Skillv0.1.5
VirusTotal security
知识沉淀引擎 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 19, 2026, 1:06 AM
- Hash
- 2cde2ea1ae1a8d33975359231b6c680ad034c27159ed3197da25a868bdfe15aa
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: knowledge-precipitation Version: 0.1.5 The skill performs high-risk operations including reading the agent's global configuration file (~/.openclaw/openclaw.json) and executing shell commands via exec. It handles sensitive API keys by passing them as command-line arguments to the getnote CLI, which exposes them to other processes (process list exposure). While these actions support the stated goal of automating note synchronization between Get笔记 (biji.com) and Feishu (feishu.cn), the broad file access and insecure secret handling represent significant security vulnerabilities. Additionally, it hardcodes a specific Feishu member ID (ou_d8ace8a146610ca26bc07d8e68a5620f) to receive full access permissions.
- External report
- View on VirusTotal