Back to skill
Skillv1.0.8
VirusTotal security
Taobao Merchant Ops · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 29, 2026, 3:22 AM
- Hash
- d3912bfb51c936ea51809489ac59767c52a436d8153ca3e15a9fc335923e630b
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: taobao-merchant-ops Version: 1.0.8 The skill bundle is a commercial RPA (Robotic Process Automation) tool designed for Taobao merchants to automate data collection and shop inspections. It uses Playwright for browser automation and openpyxl for Excel report parsing. While it includes a 'phone-home' licensing mechanism (scripts/license_gate.py) that sends a hardware fingerprint (SHA256 hash of hostname and MAC address) to a remote server (120.27.202.105) for activation, this behavior is transparently documented in SKILL.md and aligned with its commercial purpose. Sensitive session data (cookies) are stored locally in 'yingdao_storage_state.json' and are not exfiltrated. The code lacks indicators of malicious intent, such as unauthorized data theft, persistence mechanisms, or obfuscated payloads.
- External report
- View on VirusTotal