Back to skill
Skillv1.0.0
VirusTotal security
X Media Parser · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:10 AM
- Hash
- f1f61ff6e4f0ab0302a458cb17b15183ba714ac3fdcfe20e3a7228dcab27867c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: x-media-parser Version: 1.0.0 The skill contains hardcoded local network configurations in 'x-aria-download.sh' (IP 10.0.0.1 and secret 88888888) that override the script's own environment variable logic, effectively forcing the agent to communicate with a specific internal network target. While the primary functionality of parsing X/Twitter media via the vxtwitter API in 'parse.sh' appears functional, the discrepancy between the documented configuration and the hardcoded Python logic is a significant red flag for unauthorized local RPC interaction.
- External report
- View on VirusTotal