Back to skill
Skillv1.0.0
VirusTotal security
网络安全情报爬虫 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 27, 2026, 3:31 AM
- Hash
- 234a5208aecfb3ccca21e9f4f7777c34d28ac8f1543361d4b2a25154b381cf3f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: sec-news-crawler Version: 1.0.0 The skill bundle implements a security news and CVE crawler but contains several security vulnerabilities and risky behaviors. Specifically, `scripts/vuln_crawler.py` explicitly disables SSL certificate verification (using ssl.CERT_NONE) for multiple external data sources and programmatically attempts to read the main `openclaw.json` configuration file from a parent directory to extract API keys. Additionally, the documentation in `SKILL.md` suggests that sensitive API credentials for the IMA platform are hardcoded in the execution scripts, which is a significant security flaw.
- External report
- View on VirusTotal