Back to skill
Skillv1.0.2
VirusTotal security
xhs-daily-ranking(小红书每日风向标) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 12:46 PM
- Hash
- 93e9a7342bfaa5c505420a95537c2fa3af85de1cd6827c9a7e5dcfda24b7b26a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: xhs-daily-ranking Version: 1.0.2 The skill bundle contains scripts (xhs_daily_fetcher.py and gen_xhs_html.py) that perform network requests to an external domain (onetotenvip.com) while explicitly disabling SSL certificate verification (ssl.CERT_NONE), creating a significant vulnerability to Man-in-the-Middle (MITM) attacks. Furthermore, the scripts use raw socket communication to avoid sending Server Name Indication (SNI), which is a technique often used to bypass network filters. The SKILL.md and core_workflow.md files contain highly prescriptive 'prompt injection' style instructions that mandate a specific output sequence and forbid deviations, which, while intended for UI consistency, overrides standard agent behavior.
- External report
- View on VirusTotal