Back to skill
Skillv1.0.2
VirusTotal security
Weibo Manager · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:53 AM
- Hash
- ace962c2b123086c949241a26eb389ed159000028ec1686e22953fe64ad1655c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: weibo-manager Version: 1.0.2 The OpenClaw AgentSkills skill bundle for Weibo management and image generation contains critical shell injection vulnerabilities. Multiple scripts (`src/approve_post.js`, `src/force_login.js`, `src/login.js`, `src/request_publish.js`) use `child_process.execSync` to execute other internal skills, passing user-controlled inputs (such as `chat_id` and `content`) directly as shell arguments without proper sanitization. This flaw could allow an attacker to achieve Remote Code Execution (RCE) by crafting malicious input. While the `SKILL.md` demonstrates security awareness by explicitly warning against prompt injection from external sources and enforcing an approval workflow, the code itself introduces severe vulnerabilities. There is no evidence of intentional malicious behavior like data exfiltration to external endpoints or persistence mechanisms, but the RCE risk makes it suspicious.
- External report
- View on VirusTotal