Back to skill
Skillv1.0.0
VirusTotal security
娜可露露洗发水推荐助手 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 21, 2026, 8:41 AM
- Hash
- 15ef90e887631cb41b050f049c3222a3ac82e40b89adb81e33730c3dd9914bb6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: shampoo-recommender Version: 1.0.0 The skill bundle contains several Python scripts (setup_assets.py, package_skill.py, test_skill.py, and write_icon.py) that utilize hardcoded absolute Windows file paths (e.g., 'C:\Users\chenyuxin\...'). While the overall logic appears to be a benign shampoo recommendation service, the use of hardcoded absolute paths is a significant security flaw and functional vulnerability that could lead to unintended file system operations or path traversal risks if the environment matches the hardcoded strings. There is no clear evidence of malicious intent, but the lack of path sanitization and portability makes the bundle high-risk.
- External report
- View on VirusTotal