Back to skill
Skillv1.0.0
VirusTotal security
Website Auditor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:55 AM
- Hash
- cbc1c90f54f71221d09c2dd39d75e59ff4dc7b3af303fcc7961dff5b160c3e01
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: website-auditor Version: 1.0.0 The skill's stated purpose is to audit websites, and its core functionality aligns with this. However, the `audit_website_async` function in `SKILL.md` uses `aiohttp.TCPConnector(ssl=False)` when fetching website content. This disables SSL certificate verification for the underlying connection, making the client vulnerable to Man-in-the-Middle attacks during the initial data fetch. While a separate `check_ssl` function attempts to verify the target site's SSL, the `raw_html` and headers could be compromised during the `aiohttp` request, representing a critical security vulnerability rather than intentional malicious behavior.
- External report
- View on VirusTotal