Back to skill
Skillv1.0.1
VirusTotal security
wechat-article-explainer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:47 AM
- Hash
- 2fb174435c7f405f57f409b28f0783d33f41ac2441556985bd3e644b3f73af6f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wechat-article-explainer Version: 1.0.1 The skill is designed to scrape and summarize WeChat articles using a Python script (scripts/wechat_reader.py) and Playwright. While the Python code itself is functional and lacks malicious logic, the instructions in SKILL.md introduce a shell injection vulnerability by directing the AI agent to execute a command-line tool using user-provided input without explicit sanitization (python3 scripts/wechat_reader.py "<文章链接>"). This pattern allows for potential command execution if a user provides a URL containing shell metacharacters.
- External report
- View on VirusTotal