Skillv1.0.0

VirusTotal security

code-reviewer · External malware reputation and Code Insight signals for this exact artifact hash.

ReviewMar 26, 2026, 10:36 AM

Hash: f6d847f75138226b1a2f60a675dea8268a397441bfc49ad867b942fb379db678
Source: palm
Verdict: suspicious
Code Insight: Type: OpenClaw Skill Name: jinyun1 Version: 1.0.0 The skill bundle primarily provides legitimate Go code review rules, but contains highly irregular instructions in 'rules/team-effectiveness-metrics.md'. This file includes hardcoded local Windows file paths (e.g., 'C:\yanfayun\gpc-srv') and explicit instructions for the AI agent to fetch data from an external URL (srdcloud.cn). Such specific environmental targeting and external data fetching instructions are atypical for a generic skill and pose a risk of unauthorized local resource access or data exfiltration.
External report: View on VirusTotal