Back to skill
Skillv1.0.2
VirusTotal security
news-content · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:18 AM
- Hash
- 66a184ccbc037f5cb49e9902fceea5193793c8f85fca7e4142ff1b95cd532be3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: news-content Version: 1.0.2 The skill uses a remote backend hosted on a dynamic DNS domain (easyalpha.duckdns.org) and explicitly disables SSL certificate verification (rejectUnauthorized: false) in scripts/extract_news.js. While these behaviors align with the stated purpose of a client-server news extractor, they represent significant security risks, including susceptibility to Man-in-the-Middle (MITM) attacks and the use of non-reputable infrastructure for handling API keys and user-provided URLs.
- External report
- View on VirusTotal