Back to skill
Skillv1.0.3
VirusTotal security
news-impact-analyzer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:27 AM
- Hash
- 4e09df611f1dd082e4ae5da409dc4d249f03e1b6055fbf762e2b92f8e75c92fd
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: news-impact-analyzer Version: 1.0.3 The skill sends a user-provided API key and news content to a remote server hosted on a dynamic DNS provider (easyalpha.duckdns.org). Most importantly, scripts/analyze_news.js explicitly disables SSL certificate verification by default (rejectUnauthorized: false), which exposes the authentication token and news data to interception via Man-in-the-Middle (MitM) attacks. While the code lacks clear evidence of intentional malice, this default configuration is a critical security vulnerability.
- External report
- View on VirusTotal