Back to skill
Skillv1.0.1
VirusTotal security
redbook-feedback-analyzer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 12:41 PM
- Hash
- dc21bea5aa506a0fba849696f38008eea82c01bab31d1e015eb1bdf5b6faafdf
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: xhs-feedback-analyzer Version: 1.0.1 The skill bundle contains hardcoded credentials and internal identifiers, which are classified as security vulnerabilities. Specifically, 'scripts/llm_classify.py' includes a hardcoded Authorization Bearer token ('catpaw') and a specific User ID ('jibowen04') for an internal API (mmc.sankuai.com). Additionally, 'SKILL.md' hardcodes a specific internal knowledge base URL (https://km.sankuai.com/collabpage/2751219981) as the mandatory output destination. While the code logic for scraping and sentiment analysis appears aligned with the stated purpose, these hardcoded secrets and fixed targets represent significant security flaws.
- External report
- View on VirusTotal