Back to skill
Skillv1.8.0
VirusTotal security
Wechat Daily Article · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 9:56 AM
- Hash
- e22e6f1f56bd6f56e2b70741f30fded5a7df7b0d845f383a145c51df4b29bd56
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wechat-daily-article Version: 1.8.0 The skill bundle automates WeChat article creation but contains a significant security vulnerability in `scripts/create_draft.py`, where SSL certificate verification is explicitly disabled (`ssl.CERT_NONE`) during image downloads. This flaw exposes the agent to man-in-the-middle (MITM) attacks when fetching content from external URLs. While the code aligns with its stated purpose, the handling of sensitive credentials (WECHAT_APPSECRET, FEISHU_APP_SECRET) combined with the automated downloading of remote assets based on AI-generated content presents a high-risk surface for exploitation or prompt injection.
- External report
- View on VirusTotal