Skillv1.0.0

VirusTotal security

导购个人业绩分析 · External malware reputation and Code Insight signals for this exact artifact hash.

ReviewMar 26, 2026, 11:26 AM

Hash: 3709c6a2b2f6087fc4f2e622f95a5cc98f40899f76d24990f8b8baafb584e39b
Source: palm
Verdict: suspicious
Code Insight: Type: OpenClaw Skill Name: retail-clerk-performance-analysis Version: 1.0.0 The skill bundle is classified as suspicious due to several security vulnerabilities found in analyze.py. Specifically, the script contains a hardcoded absolute path to a developer's home directory (/Users/yangguangwei/.openclaw/workspace-front-door), which results in information disclosure and potential path hijacking. Additionally, the script lacks input sanitization for user-controlled parameters such as guide_name and store_id before passing them to internal API endpoints, which could allow for injection attacks if the backend services are not properly secured.
External report: View on VirusTotal