Back to skill
Skillv1.0.0
VirusTotal security
小红书图文生成器 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:42 AM
- Hash
- e835c94c026b8608de155d1624990097c6aa147498acc161d2fe61744725344f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: xiaohongshu-article-generator Version: 1.0.0 The skill bundle is classified as suspicious due to a lack of input sanitization on the 'topic' parameter in index.js, which is used directly in filesystem operations (mkdirSync, join), creating a path traversal vulnerability. Furthermore, temp-convert.js and EXAMPLES.md contain hardcoded absolute file paths specific to a Windows administrator environment (C:/Users/Administrator/...), which is atypical for portable skills and poses a risk if executed in environments with similar structures. While the core logic aligns with the stated purpose of generating social media content, these vulnerabilities and the request for broad 'shell' and 'filesystem' permissions without robust safety checks warrant caution.
- External report
- View on VirusTotal