Back to skill
Skillv1.4.0
VirusTotal security
Guanrentang Writer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 7:12 AM
- Hash
- 3467bd89f7a39e10567b3e812b0705af36a3cf69e71d8fba915b0ebce40fa15c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: guanrentang-writer Version: 1.4.0 The skill bundle automates TCM article generation and image creation using the Zhipu AI API. It is classified as suspicious because it directs the OpenClaw agent to execute complex shell command pipelines (mkdir, cp, curl, jq, xargs) and source local .env files. While these actions support the stated functionality, the construction of shell commands using potentially unsanitized user-provided variables (like article titles) in SKILL.md creates a risk for command injection. No evidence of intentional data exfiltration or malicious backdoors was found; the network activity is limited to the legitimate domain open.bigmodel.cn.
- External report
- View on VirusTotal