Back to skill
Skillv1.0.2
VirusTotal security
xhs-weekly-ranking(小红书七日热榜) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 1:06 PM
- Hash
- 91ca5d57a084e7db6017266f8dbfb381bd48d3dfe91cebf3c1e2ff0258499cfd
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: xhs-weekly-ranking Version: 1.0.2 The skill bundle contains Python scripts (xhs_weekly_fetcher.py and gen_xhs_html.py) that fetch data from a third-party API (onetotenvip.com) using raw sockets and manually disabling SSL certificate verification (ssl.CERT_NONE). This is a significant security vulnerability that exposes the agent to man-in-the-middle (MITM) attacks. While the scripts and the highly prescriptive instructions in SKILL.md and core_workflow.md appear aligned with the stated purpose of fetching social media rankings, the intentional bypass of standard security protocols and the use of a non-standard API endpoint warrant a suspicious classification.
- External report
- View on VirusTotal