Back to skill
Skillv1.0.13
VirusTotal security
Bear Blog Publisher · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:06 AM
- Hash
- 9d79c08c834b21a0ba9b6c6b49158f3b60f86194bd09ab264553cb15998e6d61
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: bear-blog-publisher Version: 1.0.13 The skill is classified as suspicious due to several documented security considerations that, while transparently disclosed, represent potential vulnerabilities. Specifically, the `scripts/publish.py` code implements a credential resolution mechanism that allows for plaintext password storage in `~/.openclaw/openclaw.json` if the user chooses this method, although it does include a warning if file permissions are insecure. Additionally, the `generate_diagram` function in `scripts/publish.py` uses Playwright with the `--no-sandbox` flag, which is a known security risk for browser isolation, even though the skill mitigates this by only loading local HTML files. These are vulnerabilities and risky operational choices, not clear evidence of malicious intent.
- External report
- View on VirusTotal