Back to skill
Skillv1.0.0
VirusTotal security
调用closeai的gpt · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:06 AM
- Hash
- 1073da96c575f35fd4bc3c3c7510e63cc5d50404171537fe75dea4d2be71818a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: gpt-chat Version: 1.0.0 The skill is classified as suspicious due to the use of a third-party proxy (api.openai-proxy.org) as the default endpoint for the OPENAI_API_KEY in gpt.js and generate-article.js, which risks exposing sensitive credentials to an unofficial intermediary. Furthermore, the documentation (SKILL.md) deceptively claims to support non-existent 'GPT-5.1' and 'GPT-5.2' models with specific pricing, acting as a misleading lure for users to provide their API keys. The bundle also includes an unadvertised local HTTP server (server.js) that exposes API functionality on port 3456, which could allow unauthorized local network access to the user's configured credentials.
- External report
- View on VirusTotal