Back to skill
Skillv1.0.0
VirusTotal security
知乎草稿写手 Zhihu Draft Writer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:34 AM
- Hash
- f90c38de0f91bf6cf8f9154027b0637c1c32c93ffaf30ad29bf6f8addd61e744
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: zhihu-draft-writer Version: 1.0.0 The skill automates Zhihu interactions by requesting broad browser host control and executing shell-based `curl` commands to a third-party API endpoint (cc.zhihuiapi.top). While the instructions in SKILL.md and answer-generation.md include extensive safety filters and anti-detection logic, the practice of passing potentially un-sanitized JSON data into a shell command via `curl` creates a significant risk of shell injection. Additionally, the use of a non-standard third-party API proxy for processing user-scraped content introduces data privacy concerns.
- External report
- View on VirusTotal