Back to skill
Skillv1.0.0
VirusTotal security
Generate News Article · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:27 AM
- Hash
- 1e33919c701e8e8d885a158b8b07f5c677dd05d781859f17d4de6aaabf5d08af
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: generate-news-article Version: 1.0.0 The skill is classified as suspicious primarily due to the hardcoded `SERPAPI_API_KEY` found in `scripts/generate.sh`. This constitutes a critical credential leak, exposing a sensitive API key (`9cda299d6f3c24995d727709d33fd8a2ae9b6287be51667802acb4edb7b16796`) to anyone with access to the skill bundle. While the key is used for the skill's stated purpose (SerpAPI searches), its direct inclusion in the script violates security best practices and creates a severe vulnerability. Additionally, the script uses hardcoded paths for dependencies and output, reducing portability.
- External report
- View on VirusTotal