Skill v1.0.1
VirusTotal security
Banned Words · Pre-Posting Compliance Check · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 5:20 AM
- Hash: 43cb6c969144e41aa828557f151ef1369b54d576e915589e9486e96f84de1e4b
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: compliance-check. Version: 1.0.1. The skill bundle provides a content moderation tool but contains several high-risk security practices. `scripts/check.py` attempts to discover API keys by searching sensitive local files including `~/.env` and `~/.openclaw/.env`. Furthermore, `scripts/api_server.py` implements an unauthenticated HTTP server that listens on all network interfaces (`0.0.0.0`) with permissive CORS (`*`), potentially exposing the tool and the user's API keys to unauthorized access. The `scripts/sync_wordlists.py` script also fetches content from multiple external GitHub repositories, which presents a supply chain risk if those sources are compromised.
