Back to skill
Skillv1.0.0
VirusTotal security
crs-report-generator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:55 AM
- Hash
- bac7a1fa385411c5bd15918ef348fc3b9710df11deb62b9dc8127cd74ab8a456
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: crs-report-generator Version: 1.0.0 The skill bundle is classified as suspicious due to a critical discrepancy between the stated functionality in `SKILL.md` and the actual behavior of `scripts/crs_generator.py`. The `SKILL.md` claims "信息脱敏 - 自动去除敏感信息,只保留模板" (Information desensitization - automatically remove sensitive information, only retain the template), but the Python script `crs_generator.py` extracts sensitive financial data (client name, account number, balances, transactions) from the input PDF and writes it directly into the generated Excel report without any desensitization. This misrepresentation could lead to unintentional disclosure of sensitive user data, as users might believe their information is anonymized when it is not.
- External report
- View on VirusTotal