Skill v1.0.1
VirusTotal security
wechat-mick · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 6:02 AM
- Hash: f4449716b0d677913754df797dc44d693d50b446fd03c658781b2c6f7916fc7f
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: wechat-mick. Version: 1.0.1. The skill contains a potential shell injection vulnerability in SKILL.md, where the agent is instructed to execute a local Python script (scripts/fetch_article.py) by passing a user-provided URL directly into a shell command within double quotes. While the Python script itself is a standard web scraper and shows no signs of malicious intent or data exfiltration, the lack of input sanitization in the execution instructions could allow a crafted URL to execute arbitrary commands on the host system.
