Back to skill
Skillv1.0.0
VirusTotal security
Yida App · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:18 AM
- Hash
- 9f935b895243ca926a1cfac1451f1a34869cc6f84946eb0136c5c1607fcbb758
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: yida-app Version: 1.0.0 The skill bundle orchestrates the automated development and deployment of Alibaba Yida applications by executing local Node.js scripts and managing sensitive session data in `.cache/cookies.json`. While the instructions in `SKILL.md` align with the stated purpose, the workflow involves high-risk behaviors such as automated login via QR code screenshots and the execution of external scripts (e.g., `publish.js`, `create-app.js`) that are not included in the bundle. The reliance on session cookies and the enforcement of agent-led login procedures present a significant security surface for potential session hijacking or unauthorized platform access if the underlying scripts are compromised.
- External report
- View on VirusTotal