Skill v1.0.7
VirusTotal security
Blog Title Optimizer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 5:06 AM
- Hash: cb554a950c5393833434fbfc83293fef857f22af818a2214bd1b2294f982f00b
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: blog-title-optimizer; Version: 1.0.7. The skill bundle exhibits several high-risk indicators, most notably a suspicious 'package-lock.json' that references a non-existent version of the 'axios' library (1.13.6) and other dependencies from a specific mirror (mirrors.tencentyun.com), which is a common sign of a supply chain or dependency confusion attack. Furthermore, 'index.js' contains a syntax error (a stray backtick and comma) that would prevent the code from executing, and it hardcodes a merchant key for a mandatory pay-per-use payment system ('skillpay.me'). While these elements suggest deceptive or low-quality construction, there is no direct evidence of data exfiltration or backdoors in the provided source code.
