Skill v1.0.0
VirusTotal security
Alibaba Supplier Outreach · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:25 AM
- Hash: 57eba2c4199104b5b7baf6e552654c437de424f44cb12ccd3a7f9bd509ec4750
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: alibaba-supplier-outreach; Version: 1.0.0. The skill is classified as suspicious due to its use of powerful browser automation tools (`mcp__claude-in-chrome__*`) that operate within the user's logged-in Alibaba session, and local file system write access (`~/.claude/supplier-conversations/`) for memory management. While these capabilities are plausibly needed for the stated purpose of supplier outreach and negotiation, they represent high-risk operations. Potential vulnerabilities exist in the construction of URLs using user-derived input (e.g., `[ENCODED_COMPANY_NAME]`) and the robustness of local file path handling, which could be exploited for URL injection, cross-site scripting, or path traversal if not sufficiently sanitized by the underlying tools or the skill's logic. There is no clear evidence of intentional malicious behavior, but the broad permissions and potential for exploitation warrant a 'suspicious' classification.
