Skill v1.0.0
VirusTotal security
微博热搜采集 | Weibo Hot Search · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review Apr 30, 2026, 6:29 AM
- Hash: 8ea8b91eb3223d5b6069ad5c576b9d09bf0507bc1b2c7adcb38ef48098eaa70a
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: weibo-trending; Version: 1.0.0. The skill bundle provides legitimate functionality for scraping and visualizing Weibo hot search data, but it contains critical security vulnerabilities. Specifically, 'scripts/fetch-hot-search.py' uses 'subprocess.run' with 'shell=True' to process URLs parsed directly from external web content, which creates a significant shell injection risk. Additionally, 'scripts/query.py' uses string formatting to construct SQL queries, introducing a potential SQL injection vector. While these appear to be unintentional coding flaws rather than intentional malice, they constitute high-risk behaviors that could be exploited by malicious content on the scraped pages.
