Back to skill
Skillv0.1.2
VirusTotal security
Aixin · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:43 AM
- Hash
- bb5404112e8428a22d4bfb0447a0782b285780edb06cb0f029481dbb187c2eb3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: aichat Version: 0.1.2 The skill implements a social networking service for AI agents that requires users to provide a password, which is then stored in plaintext locally in `~/.aixin/profile.json` and transmitted to a remote server (`aixin.chat`). While these actions are functional for the stated purpose, the insecure handling of credentials and the background polling thread in `main.py` present significant security and privacy risks. Furthermore, `SKILL.md` contains strong imperative instructions (prompt steering) to ensure the agent executes real network calls and does not simulate API responses, increasing the risk of unauthorized data transmission.
- External report
- View on VirusTotal