Back to skill
Skillv1.0.0
VirusTotal security
JD商品评价 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 7:31 AM
- Hash
- 111f74abadef410bcd7082a0a0fd1678b28a9c620d1d4645ff8c13799589a99b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: jd-review-bot Version: 1.0.0 The skill automates JD.com product reviews by controlling a real Chrome browser instance and executing shell commands to install dependencies. Key indicators include the use of `subprocess.run` in `scripts/jd_review.py` to install pip packages and the requirement in `SKILL.md` to use the `--browser real` flag, which grants the agent access to the user's active authenticated browser sessions and cookies. While the logic appears strictly aligned with the stated purpose of batch-reviewing orders, these high-risk capabilities (local code execution and session hijacking potential) warrant a suspicious classification despite the lack of clear evidence of intentional malice or data exfiltration.
- External report
- View on VirusTotal