Skillv0.1.0

VirusTotal security

Baoyu Post To X · External malware reputation and Code Insight signals for this exact artifact hash.

SuspiciousApr 29, 2026, 3:23 AM

Hash: acc9df1c6aa628508afae0f77538d578fa1e4512f22deb66195b0bfbedf1fb92
Source: palm
Verdict: suspicious
Code Insight: Type: OpenClaw Skill Name: baoyu-post-to-x Version: 0.1.0 This skill is classified as suspicious due to its reliance on high-privilege system interactions and broad capabilities, even though they appear aligned with the stated purpose of bypassing anti-automation on X.com. Specifically, `scripts/copy-to-clipboard.ts` and `scripts/paste-from-clipboard.ts` execute platform-specific commands (`osascript`, `powershell.exe`, `xdotool`/`ydotool`) to interact with the system clipboard and simulate keystrokes. While these are necessary for the skill's functionality, they represent significant system access. Additionally, `scripts/md-to-html.ts` includes functionality to download files from arbitrary URLs, which, if misused, could lead to downloading malicious content, although it does not execute them. The core browser automation scripts (`x-article.ts`, `x-browser.ts`, `x-quote.ts`) use Chrome DevTools Protocol (CDP) with `Runtime.evaluate` for extensive browser control, which is powerful but used within the context of X.com.
External report: View on VirusTotal