Back to skill
Skillv1.0.0
VirusTotal security
IOC 智能巡检报告 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousMar 20, 2026, 9:46 PM
- Hash
- 43ed25245a9653f156cbad84c1eabfb7028c1a7e9f6db70183dd202a0df6b889
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ioc-patrol-report Version: 1.0.0 The skill bundle contains hardcoded, plaintext credentials (host, username, and password) for a remote PostgreSQL database (hightop.xin:55432) within the config.yaml file. While the logic in scripts/generate_report.py is consistent with the stated purpose of generating facility management reports, the inclusion of active remote credentials in a distributed package is a significant security vulnerability. There is no clear evidence of intentional malice, but the presence of specific, non-placeholder credentials for an external server is a high-risk configuration.
- External report
- View on VirusTotal