Back to skill
Skillv1.4.0
VirusTotal security
HANHANLI · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:32 AM
- Hash
- db090e96b97e7712aac662d0d2c00b15718636bd1489a59bd59e903485a80b5b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: china-hotel-comparison Version: 1.4.0 The skill bundle is largely benign, consisting of documentation and illustrative shell scripts that simulate hotel search and price calculation without performing actual external actions. However, the `multi-user-management.md` file contains a direct `<|DSML|invoke name="web_fetch">` instruction to the AI agent, instructing it to make an HTTP request to `https://www.shanghaidisneyresort.com/tickets/`. While this specific URL is relevant to the skill's stated purpose (e.g., for package value analysis), the explicit use of the `web_fetch` tool in a markdown file represents a risky capability. This capability, if exploited through prompt injection or dynamic URL generation, could lead to unauthorized data exfiltration or remote code execution, classifying the skill as suspicious due to this potential vulnerability.
- External report
- View on VirusTotal