Back to skill
Skillv1.0.1
VirusTotal security
海外物流Skill合集 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 23, 2026, 1:16 PM
- Hash
- c1df93ce975bf6bdcfdc6aceb8899362bbc28a413d51c133551e653dcc7e6280
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: i-logisitics-skill Version: 1.0.1 The skill bundle is designed to query JD logistics and supply chain data but contains a recurring security vulnerability: `rejectUnauthorized: false` is explicitly set in the HTTPS request options within `get_cross_board_data.js`, `get_isc_data.js`, and `get_tracking_data.js`. This disables SSL certificate validation, making the API requests and the sensitive 'token' (passed in headers) vulnerable to Man-in-the-Middle (MitM) attacks. While the code logic appears aligned with its stated purpose, the use of insecure network configurations and the reliance on the AI agent to correctly sanitize inputs for shell command execution (as instructed in `SKILL.md`) warrants a suspicious classification.
- External report
- View on VirusTotal