Skill v1.0.0

VirusTotal security

downloader · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 9, 2026, 5:41 PM
Hash
d5753f2238806dcd355a20bba5512c6b855c48422f22f64e2489dae1bef6993c
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: gnview
Version: 1.0.0

The skill bundle provides an extensive interface for interacting with Douyin, TikTok, and Bilibili APIs, including high-risk functionality that requires users to provide session cookies (e.g., in `SKILL.md` for endpoints like `/api/douyin/web/fetch_user_collection_videos` and `/api/hybrid/update_cookie`). While these capabilities are plausibly required for the stated purpose of accessing private user data, they create a direct path for credential exfiltration if the configurable `base_url` in `config.json` is directed to a malicious endpoint. No evidence of intentional malice or hardcoded exfiltration was found, but the handling of sensitive authentication tokens warrants a suspicious classification.