Back to skill
Skillv1.0.0
VirusTotal security
天气查询小技能 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:45 AM
- Hash
- 76f74719264fe6ffb971b0b6ba3532561c99726f08d922094b7ca5e758da548c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: weather-query-ll Version: 1.0.0 The `SKILL.md` file instructs the AI agent to use `web_fetch` to 'directly scrape web page data' for weather information. This instruction, without specifying a fixed domain or implementing input sanitization for URL construction, introduces a significant Server-Side Request Forgery (SSRF) or arbitrary web fetching vulnerability. An attacker could potentially manipulate user input (e.g., city name) to direct `web_fetch` to internal network resources or other unintended external targets, making the skill suspicious due to this high-risk capability.
- External report
- View on VirusTotal