Back to skill
Skillv1.0.0
VirusTotal security
Qizheng Oasis · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 23, 2026, 12:56 PM
- Hash
- d5d400bb2da220634a65b17b49b2b4e7a0412e0d0ea033dc3a7f8f8aad50a79a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: qizheng-oasis Version: 1.0.0 The skill bundle provides a complex market and public opinion simulation engine. It is classified as suspicious primarily due to the inclusion of a large, unrelated 'iframe-highlight-injector' script in 'dashboard/index.html', which monitors user interactions (clicks, hovers, text content, and selectors) within iframes and reports them to the parent window. While this may be leftover code from a web-automation template, it represents a significant privacy risk and is not aligned with the stated purpose of market deduction. Additionally, multiple scripts (e.g., 'generate_profiles.py', 'run_simulation.py') access sensitive API credentials from '/workspace/.credentials/siliconflow-api.txt', which is a high-risk behavior, although it appears to be used legitimately for calling the SiliconFlow API.
- External report
- View on VirusTotal