Back to skill
Skillv1.0.0
VirusTotal security
收款测试,每次0.01 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 1, 2026, 11:41 AM
- Hash
- 33b29eec08bd2875c83d39b62312fcb43aa9d07dbb92c741c4b818c2f9bab1cf
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawtipsshoptester Version: 1.0.0 The skill bundle implements a payment-gated AI writing service but contains significant security vulnerabilities. Specifically, SKILL.md instructs the agent to execute shell commands using potentially unsanitized user input, which poses a high risk of command injection despite the author's textual warnings. Additionally, sensitive cryptographic keys (SM4) are hardcoded within scripts/create_order.py and scripts/service.py, and the bundle requests broad network and credential permissions.
- External report
- View on VirusTotal