Back to skill
Skillv0.0.1-beta.1
VirusTotal security
Alibabacloud Iqs Weather Query · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 9, 2026, 4:56 AM
- Hash
- cf8ef8a9dbd6fc2bbb41c35dd53f2aabd3c33eb4539b1ae2d75d9af0071a6f2f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: alibabacloud-iqs-weather-query Version: 0.0.1-beta.1 The skill bundle implements a 'Continuous Evolution' feature in SKILL.md and scripts/weather.mjs that instructs the AI agent to modify its own source code. Specifically, if a weather site is not recognized, the agent is prompted via an 'evolveHint' to write a new parser function and register it in the PARSER_REGISTRY. This creates a high risk of code injection and remote code execution (RCE) because the agent's code-writing behavior is triggered by untrusted content fetched from external websites. While the stated purpose is benign (improving weather data extraction), the mechanism of self-modifying code based on external input is a significant security vulnerability.
- External report
- View on VirusTotal