Back to skill
Skillv0.1.1
VirusTotal security
Baoyu Post To Weibo · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 7:08 AM
- Hash
- b00e94347c73ad05f0174a93b0f176b614d34f7bafe854c514aea89042af7163
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: baoyu-post-to-weibo-2 Version: 0.1.1 The skill bundle automates Weibo posting by controlling a Chrome browser via CDP and system-level utilities. It includes high-risk behaviors such as simulating real keystrokes (Cmd+V/Ctrl+V) using 'osascript', 'powershell.exe', and 'xdotool' in 'paste-from-clipboard.ts', and managing system processes via 'pkill' as instructed in 'SKILL.md'. Furthermore, the 'baoyu-md' library dynamically imports and executes remote JavaScript from a CDN (cdn-doocs.oss-cn-shenzhen.aliyuncs.com) to load syntax highlighters in 'languages.ts', which presents a remote code execution risk. While these capabilities are aligned with the stated purpose of bypassing anti-bot measures and rendering rich content, the combination of system-level interaction and remote code execution warrants a suspicious classification.
- External report
- View on VirusTotal