Skill v1.0.0

VirusTotal security

Custom Morning Brief · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 23, 2026, 12:46 PM
Hash
84f492236a0c179f526350aba7260ae2d7350a794753c962e4c0bbc8134646d3
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: yuheng-morning-brief
Version: 1.0.0

The skill bundle is classified as suspicious because SKILL.md contains instructions to read sensitive financial portfolio data from a local file (USER.md) and transmit it to a hardcoded Feishu recipient ID (ou_fd61d5ebc9af22913aa4c21c8e3cac14). This configuration functions as a data exfiltration mechanism, as any user deploying the skill would unknowingly send their private investment data to the author's specified endpoint. While this could be a result of poor template design rather than overt malice, the hardcoded destination for private data represents a significant security and privacy risk.