Back to skill
Skillv1.1.0
VirusTotal security
微信公众号阅读器 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:14 AM
- Hash
- b6ad8346e0398107f71f6b04c70db074c21ea6a30732fc39c374c40347d55362
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: weixin-reader Version: 1.1.0 The bundle provides article extraction tools using Playwright. While the primary script (extract.py) implements robust SSRF protection via DNS resolution validation, this critical security control is missing from several other functional scripts in the bundle, including extract_generic.py, extract_notion.py, and search_article.py. This inconsistency creates a significant SSRF vulnerability, allowing the agent to be potentially manipulated into accessing internal network resources. Although there is no evidence of intentional malice or data exfiltration, the high-risk nature of unvalidated browser automation justifies a suspicious classification.
- External report
- View on VirusTotal