Back to skill
Skillv4.0.1
VirusTotal security
Content Catcher · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 24, 2026, 5:31 PM
- Hash
- 587b0aae5581e44c42706802e5f81224b5620b61d8ea3fd5b6d6b34dbac9819e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: xia-zhua-zhua Version: 4.0.1 The bundle is a comprehensive web scraping and video downloading tool that includes a ported version of the 'Cat Catch' browser extension core. It contains high-risk capabilities, such as the 'send2local' function in 'cat-catch-core/function.js', which allows sending data to arbitrary URLs, and the use of 'execSync' to run Python scripts from Node.js. Furthermore, 'video_catcher_pro.py' contains hardcoded Windows file paths (e.g., 'C:\Users\26240\workspace\video-downloads') from the developer's environment, indicating a lack of sanitization. While these features support the stated functionality, the combination of broad network access, shell execution, and hardcoded environment leaks warrants a suspicious classification.
- External report
- View on VirusTotal