Skill v1.0.0

VirusTotal security

Umeng Stats · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 16, 2026, 10:51 AM

Hash: ebe6a21c0b700bf171d0fed5703cbc28a80532d4b94b01cf2a9c53bae282f8ca
Source: palm
Verdict: suspicious

Code Insight

Type: OpenClaw Skill
Name: umeng-stats
Version: 1.0.0

The skill bundle contains hardcoded API credentials (apiKey and apiSecurity) in config.json and a hardcoded absolute file path (/Users/zhangjing/...) in scripts/query_crash.py. While the script's logic appears to legitimately query the Umeng API (gateway.open.umeng.com), the inclusion of private credentials and local environment paths constitutes a significant security risk and a functional vulnerability for any user other than the original author.