Back to skill
Skillv1.0.1
VirusTotal security
Auto Sec Blogger · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:38 AM
- Hash
- 60c1eaa7c73ce0b96c3ffb07a76d237d2ea3b130e393658cfc2aa17216bd0b83
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: auto-sec-blogger Version: 1.0.1 The skill bundle is a complex security news aggregator and blogging automation tool that integrates with Notion, GitHub, and Zhipu AI. It is classified as suspicious primarily due to the presence of multiple hardcoded absolute file paths belonging to different local users (e.g., '/Users/rebugui/' and '/Users/nabang/') across several files, including auto_publish_approved.py, git_publisher_service.py, and run_git_publisher.py. These artifacts suggest the code was lifted directly from specific local environments and may behave unpredictably or attempt to access non-existent directories on a new system. Furthermore, the skill requires high-privilege credentials (GITHUB_TOKEN, NOTION_API_KEY) and performs potentially risky operations such as 'git push' and executing remote packages via 'npx' in notion_publisher.py.
- External report
- View on VirusTotal