Skill v1.0.0
VirusTotal security
媒体广告流量分析 (Media Ad Traffic Analysis) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 9:08 AM
- Hash: e0b9d45bf5cdf21a5ac3418a87829b9075566508ae6e5f5d66e36dddbdad1a8d
- Source: palm
- Verdict: suspicious
- Code Insight:
  - Type: OpenClaw Skill
  - Name: mediainsight-ad-traffic-universal
  - Version: 1.0.0
  - The skill bundle exhibits high-risk security practices and vulnerabilities in its authentication logic. Specifically, scripts/mediainsight_client.py contains logic to extract plaintext-like usernames and passwords from the 'sub' field of a JWT, which is an insecure method for handling credentials. Additionally, scripts/submit_ad_task.py includes a hardcoded 'demo' JWT containing functional credentials. While the scripts appear to function as intended for interacting with the MediaInsight API (mediainsight.cn.miaozhen.com) and no evidence of intentional data exfiltration was found, the reliance on insecure credential storage and local session persistence (.mediainsight-session.json) constitutes a significant security flaw.
