Back to skill
Skillv1.0.0
VirusTotal security
身份证二要素核验 - 聚合数据 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 26, 2026, 5:51 AM
- Hash
- db61d10e19d98fc7702189a88c10a05ed7b512447d005aa6a7981054cddedb17
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: juhe-idcard-verify Version: 1.0.0 The skill is designed to verify Chinese identity cards using a third-party API (juhe.cn). While the behavior aligns with the stated purpose, the script `scripts/idcard_verify.py` transmits highly sensitive PII (names and ID numbers) over an unencrypted `http://` connection (API_URL), despite the documentation in `SKILL.md` suggesting HTTPS. There is no evidence of intentional malice or hidden data exfiltration, but the insecure handling of PII constitutes a significant security vulnerability.
- External report
- View on VirusTotal