Skill v0.1.1
VirusTotal security
X News Crawler · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review: Apr 30, 2026, 5:08 AM
- Hash: 611e4f25b2cc90ffcc4b3f12c2888deb6246643bf41e82beb2b9a876db17481d
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: x-news-crawler; Version: 0.1.1. The skill requires the user to expose their primary Chrome browser profile via the Remote Debugging Port (CDP) and explicitly advises against using an isolated data directory (`--user-data-dir`) in SKILL.md and references/cli.md. This configuration grants the crawler script (scripts/x_news_crawler.sh) and the required 'agent-browser-stealth' package full control over the user's active browser sessions, cookies, and stored credentials. While this is likely intended to bypass X's anti-bot protections by using a logged-in session, it creates a high-risk environment for session hijacking. Additionally, the setup instructions mandate global package installation and bypassing build security prompts ('pnpm approve-builds -g').
