Back to skill
Skillv1.0.1
VirusTotal security
dmp-persona-insight · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 10, 2026, 3:36 AM
- Hash
- 13328aeae8fd5c2c26597319b2c8aa6a7ac5ed8f05455df100f4ef8c26f00d54
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: dmp-persona-insight Version: 1.0.1 The skill bundle contains a significant security vulnerability in 'scripts/insight_api.py', where SSL certificate verification is explicitly disabled ('verify=False') for API requests to 'open.mingdata.com'. This flaw exposes sensitive credentials (DMP_AK and DMP_SK) to potential Man-in-the-Middle (MITM) attacks. While the scripts and documentation (SKILL.md, references/) appear functionally aligned with the stated purpose of marketing data analysis and lack evidence of intentional malice or data exfiltration, the insecure handling of network requests warrants a suspicious classification.
- External report
- View on VirusTotal