Back to skill
Skillv1.0.0
VirusTotal security
华米(Zepp/原小米)运动刷步数 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 20, 2026, 12:16 PM
- Hash
- c0e7530d09fd120dcf54e04b821bb6abbb0f07c2612c177dc721806a9909ca31
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: xiaomi-brush-steps Version: 1.0.0 The skill is designed to automate step count modification for Zepp/Xiaomi (Huami) accounts. It is classified as suspicious because it explicitly instructs the AI agent in SKILL.md to solicit sensitive user credentials (usernames and passwords) and store them in plain text within a local 'config.json' file, creating a significant security risk. Furthermore, SKILL.md directs users to third-party websites (e.g., steps.hubp.de and yanwan.store) for testing, which could be used for credential harvesting. While the technical implementation in 'scripts/huami.py' appears to be a standard implementation of the Huami API protocol using known AES keys, the handling of user secrets and the promotion of external sites are high-risk behaviors.
- External report
- View on VirusTotal