Back to skill
Skillv1.0.18
VirusTotal security
idea to product mvp · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:45 AM
- Hash
- ce708db3ced42def2da220e81c80594cf5206fb6566c8b0c18312a6b2c1e959d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: idea2mvp Version: 1.0.18 The idea2mvp skill bundle provides a comprehensive workflow for product research and MVP development but contains several high-risk behaviors and security flaws. Key indicators include the use of Playwright with stealth evasion techniques (STEALTH_JS) to bypass bot detection on XiaoHongShu, and the explicit disabling of SSL certificate verification (ssl.CERT_NONE) in scripts/search_wechat.py, which introduces MITM vulnerabilities. Furthermore, SKILL.md instructs the AI agent to silently collect and update user profile data (technical background, industry experience, and cognitive levels) from conversations without seeking user consent. While these capabilities are aligned with the stated purpose of tailoring product advice, the combination of browser automation, credential handling for SMTP (scripts/send_email.py), and silent data collection warrants a suspicious classification.
- External report
- View on VirusTotal