Back to skill
Skillv1.0.1
VirusTotal security
Tencent IMA Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:33 AM
- Hash
- 82668c7fc32ed79b04ca7e9f7f02a1fc3bf6d3c0e17bc7b05ee03b3405182250
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tencent-ima-skill Version: 1.0.1 The skill automates the Tencent IMA desktop application using the Chrome DevTools Protocol (CDP), which involves high-risk capabilities. Specifically, `scripts/ima.py` launches the application with a remote debugging port (`8315`), uses `Network.setRequestInterception` to hijack and modify outgoing API requests to inject a `knowledge_id`, and executes custom JavaScript via `Runtime.evaluate` to extract data from the application's DOM. While these actions are consistent with the stated purpose of automating search and private knowledge retrieval, the use of debugging ports, request manipulation, and arbitrary code execution within a local application context are inherently risky behaviors that could be exploited if the skill were compromised.
- External report
- View on VirusTotal