Skill v1.0.1
VirusTotal security
Wechat Forward · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 27, 2026, 3:51 PM
- Hash: 4097c4f8f39c965c4b182b3fe814c7b02e7bbffc79cb5d0d4eff7dd6cd49c547
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: wechat-forward; Version: 1.0.1. The skill 'wechat-forward' facilitates forwarding conversation history and files to a user's WeChat account using the 'wxclawbot' CLI. While the instructions in SKILL.md emphasize explicit user consent and 'self-only' data flow, the implementation pattern of passing user-generated text directly into shell commands (e.g., wxclawbot send --text "...") presents a significant risk of shell injection. Additionally, the skill requires access to sensitive credentials stored in '~/.openclaw/openclaw-weixin/accounts/', which, combined with the ability to exfiltrate data to an external IM service, warrants a suspicious classification despite the lack of clear malicious intent.
