Back to skill
Skillv1.0.0
VirusTotal security
头条文章阅读 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 3, 2026, 1:01 AM
- Hash
- ab2f1a3d21a160e2b258500d77ebc48fdd43144ac453378fab9c11b5aded553f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: toutiao-article-reader Version: 1.0.0 The skill bundle provides article scraping and summarization functionality using Playwright and BeautifulSoup4. It is classified as suspicious primarily due to a security vulnerability in `scripts/exporter.py`, where scraped content is embedded directly into HTML and Markdown exports without any sanitization, creating a risk of Cross-Site Scripting (XSS) or content injection if a malicious article is processed. Additionally, the bundle utilizes high-risk capabilities such as arbitrary web navigation via browser automation and local file system writes (caching in `.cache/` and exporting files), which, while aligned with the stated purpose, increase the attack surface of the AI agent.
- External report
- View on VirusTotal