Skill v1.0.0

VirusTotal security

wechat-article-reader · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 29, 2026, 7:02 AM
Hash
92412cc1659c9c22a1e8e2444e8fc83a9c438762259adf73a617c4200427f274
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: wechat-public-article-reader
Version: 1.0.0

The skill provides a script `scripts/read_wechat.py` to fetch and parse WeChat articles, but it contains a vulnerability due to insufficient input validation. The URL check `if "mp.weixin.qq.com" not in url:` is a weak substring match that can be easily bypassed (e.g., `http://169.254.169.254/?x=mp.weixin.qq.com`), potentially allowing Server-Side Request Forgery (SSRF) attacks. While the code logic is aligned with the stated purpose, this lack of robust sanitization for network requests is a high-risk flaw.