Back to skill
Skillv1.0.0
VirusTotal security
Lingxing Erp · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 9:01 AM
- Hash
- bf79463f95dd79638f70cc219de02baa28ac3caada8f763fdefc355d4e83e802
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: linkfox-lingxing-erp Version: 1.0.0 The skill bundle is a legitimate integration for the Lingxing ERP OpenAPI. The core logic in `scripts/lingxing.py` implements standard authentication, request signing (using MD5 and AES-ECB as required by the API), and pagination to interact with the official `openapi.lingxing.com` endpoint. While it caches access tokens in `/tmp`, which is a minor security weakness, the behavior is entirely consistent with the stated purpose of querying ERP data (orders, finance, inventory). No evidence of data exfiltration, malicious prompt injection, or unauthorized execution was found.
- External report
- View on VirusTotal