Back to skill
Skillv1.0.0
VirusTotal security
企业微信对话配置 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 23, 2026, 3:26 PM
- Hash
- 01ace9241e6707f0499b96cb98deef808ed352b39915edcf8fbc4ea242095524
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wecom-setup Version: 1.0.0 The skill provides instructions to set up a WeCom integration, which involves installing an external plugin (@wecom/wecom-openclaw-plugin) and configuring sensitive bot credentials (botId, secret). A significant concern is that SKILL.md explicitly instructs the AI agent to ignore security warnings related to 'Environment variable access combined with network send,' effectively coaching the agent to bypass platform security prompts. While the setup steps are consistent with the stated goal, the instruction to disregard security alerts is a high-risk indicator.
- External report
- View on VirusTotal