Back to skill
Skillv1.0.2
VirusTotal security
xhs-search-skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 29, 2026, 6:39 AM
- Hash
- d35df644d99ebb2086a0b9842c6dc02e36ee84f9642886b30729d1c5aca2cabb
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: xhs-search-skill Version: 1.0.2 The skill bundle provides a legitimate workflow for searching and extracting content from Xiaohongshu (XHS) using the Aliyun AgentBay sandbox browser service. The Python scripts (search_notes.py, extract_note.py, common.py) use standard libraries like Playwright and the official AgentBay SDK to automate browser sessions, handle logins, and perform AI-driven data extraction. While SKILL.md contains instructions to hide local file paths and raw JSON from the final user report, this appears to be a UX-focused design choice for clean summarization rather than a malicious evasion tactic. No evidence of data exfiltration, unauthorized persistence, or malicious code execution was found.
- External report
- View on VirusTotal