Back to skill
Skillv1.0.0
VirusTotal security
social-media-analysis · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 25, 2026, 10:01 AM
- Hash
- 17dd3a675b980374dfd0d8795a0e245d139ba93953b34eb4779c7e0fee773410
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: social-media-analysis Version: 1.0.0 The skill contains critical shell injection vulnerabilities in scripts/parse-bilibili.js and scripts/parse-xiaohongshu.js, where unsanitized URLs retrieved from a Feishu Bitable are passed directly to execSync calls for yt-dlp. While these flaws allow for potential Remote Code Execution (RCE), they appear to be unintentional coding errors rather than intentional malware. Additionally, the SKILL.md file declares restricted network permissions (only open.feishu.cn) that do not align with the scripts' actual behavior of accessing multiple social media domains like douyin.com, weibo.cn, and xiaohongshu.com.
- External report
- View on VirusTotal