Back to skill
Skillv1.0.0
VirusTotal security
Add to Cart from Bitable · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 3:46 AM
- Hash
- f1822dee1b2e26fd76c9cc6e29e6e3bef9cefbd14a5885e2a76af03f64a52f70
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: addtocartfrombitable Version: 1.0.0 The skill opens URLs (`productUrl`) sourced directly from an external Feishu Bitable table without apparent validation or sanitization, as seen in `SKILL.md` and `scripts/index.js`. This creates a vulnerability where a compromised Bitable table could direct the agent's browser to arbitrary malicious websites (e.g., phishing, drive-by downloads), leading to potential security risks for the agent's environment. While the core functionality is benign browser automation, this lack of input validation for URLs constitutes a significant vulnerability, classifying it as suspicious rather than malicious.
- External report
- View on VirusTotal