Skill v1.0.0

VirusTotal security

Shopping in Sweden · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review
Apr 30, 2026, 6:24 AM
Hash
1d0294726f50bae7e99a585ba268c20e7ce841844ac3c1fb1297acf2e7f83624
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: shopping-in-se
Version: 1.0.0

The skill facilitates automated online shopping by instructing the agent to read sensitive PII and credit card details from local files (~/Private/) and use the Chrome DevTools Protocol (CDP) to bypass iframe security boundaries. The provided Python code in 'references/cdp-click.md' uses low-level socket communication to interact with the browser's CDP interface (localhost:18800), allowing it to programmatically enter card data and trigger clicks inside cross-origin payment iframes (Klarna/Stripe). While the skill includes safety instructions like user confirmation and a 'trusted sites' list, the combination of local secret access and the ability to bypass browser security controls for financial transactions represents a high-risk capability.