Back to skill
Skillv1.0.0
VirusTotal security
Dawang · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 8, 2026, 6:26 AM
- Hash
- 26783ffce168ac9074834cd5e44534c6f25aeacf79bcc1ba929ca7e4959ef1c2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: dawang Version: 1.0.0 The skill bundle contains multiple high-risk security issues, including hardcoded Feishu APP_SECRETs (scripts/podcasts/update_feishu.py), hardcoded Gateway tokens (scripts/compact_session.py), and live session cookies for dianping.com (beijing-bbq/dianping_cookies.json). It also includes self-modifying Python scripts (scripts/fix_final.py) that programmatically edit other skill files. While these appear to be part of a highly customized personal automation setup for fitness and podcast tracking, the inclusion of active credentials and self-patching logic is extremely risky. Additionally, SOUL.md contains strong persona-enforcement instructions that command the agent to hide its AI identity and strictly forbid it from allowing the user to perform manual tasks, which functions as a targeted prompt injection for identity obfuscation.
- External report
- View on VirusTotal