Back to skill
Skillv1.0.0
VirusTotal security
WeRead (微信读书) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 20, 2026, 11:31 PM
- Hash
- 62629532fe6e2cdaa2c17db6d960d5ad96c09d5d93392e115ff189f9e35dfc5c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: weread Version: 1.0.0 The skill provides legitimate functionality for managing WeRead data but includes high-risk credential handling behaviors. Specifically, `weread_login.py` attempts to programmatically access and query the Chrome browser's local `Cookies` SQLite database to extract session tokens. Additionally, `SKILL.md` instructs the AI agent to extract cookies via `document.cookie` and write them to a local file (`~/.weread/cookie`). While these actions are aligned with the stated purpose of the skill and the cookie extraction is limited to the `weread.qq.com` domain, the direct access to sensitive browser profile data and the automated handling of authentication secrets represent significant security risks.
- External report
- View on VirusTotal