Back to skill
Skillv0.1.0
VirusTotal security
抖音直播弹幕AI智能回复助手 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 21, 2026, 3:21 AM
- Hash
- 60c6822d849d5bceb0dccda904647c4d0275480cd34a53db55b37180db876047
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: douyin-live-ai Version: 0.1.0 The skill bundle contains high-risk execution patterns, most notably a large, heavily obfuscated JavaScript file (scripts/sign.js) used for generating Douyin's X-Bogus signature. This script is executed via eval() in scripts/get_sign_wrapper.js, which is in turn called as a sub-process from Python in scripts/douyinlive.py. While these capabilities are plausibly required to bypass Douyin's anti-scraping measures for the stated purpose of barrage collection, the combination of obfuscated code, eval(), and shell execution represents a significant attack surface and a potential vector for hidden malicious behavior.
- External report
- View on VirusTotal