Back to skill
Skillv1.0.1
VirusTotal security
xhs-explosive-content-detector(小红书爆款雷达) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 12:16 PM
- Hash
- d569c374d4359f7f347e27b3556438015bb1d22d5c82cffe1aa373fcf9d17d28
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: xhs-explosive-content-detector Version: 1.0.1 The skill bundle contains a Python script (`fetch_xhs_trends.py`) that implements a custom HTTPS requester using raw sockets to bypass SNI and explicitly disables SSL certificate verification (`ssl.CERT_NONE`) and hostname validation. While this is likely intended to bypass scraping protections or WAFs for the target API (onetotenvip.com), it introduces a Man-in-the-Middle (MITM) vulnerability. The instructions in `SKILL.md` and `core_workflow.md` are highly complex and direct the agent's behavior strictly, but they appear aligned with the stated purpose of analyzing social media trends and do not show clear evidence of malicious intent such as secret exfiltration.
- External report
- View on VirusTotal