Back to skill
Skillv1.0.0
VirusTotal security
智能健康管理与评估助手 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 16, 2026, 10:46 AM
- Hash
- 413b2a8d01a31703f19a91ff393bba1630e931ccbc75bd9df626b863029f49e1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: geneplus-health-assistant Version: 1.0.0 The skill collects highly sensitive personal health information (PII, medical history, and lab results) and transmits it to an external third-party API (ydai.jinbaisen.com). A significant security concern is the use of subprocess.run to execute a 'curl' command to fetch an API token from a remote endpoint (jiyinjia.jinbaisen.com) at runtime, which is a risky pattern often seen in credential staging. While these behaviors are technically aligned with the stated purpose of a health assistant, the combination of sensitive data exfiltration to external domains and the use of shell commands for token management presents a high privacy and security risk. Files involved: SKILL.md and scripts/health_assistant.py.
- External report
- View on VirusTotal