Back to skill
Skillv0.1.1
VirusTotal security
米游社工具 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 7:25 AM
- Hash
- 172ede5c2b10d47b4e0ada0d351723df55a3a0b169a17f24c0af565602ae01ff
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: mystool Version: 0.1.1 The skill bundle is a comprehensive Miyoushe automation tool that handles sensitive user credentials, including cookies and login tokens. It contains a functional SSRF (Server-Side Request Forgery) vulnerability in 'src/sms_login.py' via the '_get_proxy' function, which performs unvalidated HTTP GET requests to a user-provided URL. Additionally, the tool implements a cross-platform account sharing mechanism in 'src/store.py' ('merge_user_accounts') that allows transferring sensitive session data between users via 6-digit codes. While these features are documented as intended for power users, the combination of credential handling, local storage of cookies in 'data/accounts.json', and the SSRF risk warrants a suspicious classification.
- External report
- View on VirusTotal