Back to skill
Skillv1.0.0
VirusTotal security
健康管理 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 16, 2026, 1:51 PM
- Hash
- 6f54a2e44ef5269ecba5d2ab4e517beedac1061589361f5a9833fa809c147745
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: jiankangguanli Version: 1.0.0 The skill collects extensive Personal Identifiable Information (PII) and sensitive medical data (name, age, location, occupation, medical history, and lab results) and transmits it to external third-party endpoints (ydai.jinbaisen.com). It employs high-risk execution patterns, specifically using 'subprocess.run' to execute 'curl' for dynamic token retrieval in 'health_assistant.py', and 'webbrowser.open' to launch locally generated HTML files. While these behaviors are ostensibly for generating health reports, the combination of aggressive data collection, shell command execution, and external data exfiltration to non-standard domains (jinbaisen.com, geneplus.org.cn) poses a significant security and privacy risk.
- External report
- View on VirusTotal