Back to skill
Skillv1.0.0
VirusTotal security
Meme Collector 热梗收集器 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:46 AM
- Hash
- 0d9d84a5c124b38d61d06908de89d20475a2e08585faf6310d4fe287d5565ee3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: meme-collector Version: 1.0.0 The skill is classified as suspicious due to two main factors. First, the `scripts/dify_ops.py` script accepts a `--proxy` argument, allowing all Dify API traffic, including the sensitive `API_KEY`, to be routed through an arbitrary, user-specified proxy. This creates a significant risk of credential interception and data exfiltration if a malicious proxy is provided. Second, the `SKILL.md` file directly executes `bash` commands with interpolated variables (`$DATASET_ID`, `$API_KEY`, `$PROXY`). This presents a shell injection vulnerability if the OpenClaw agent does not properly sanitize these inputs before command execution. While the skill's stated purpose is benign, these capabilities introduce high-risk vectors for potential abuse, even without explicit malicious intent within the skill's code itself.
- External report
- View on VirusTotal