Back to skill
Skillv1.0.0
VirusTotal security
UAPI 步骤2 (方法二): 获取原始文本 接口 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:33 AM
- Hash
- 5ac1bb18437ed7545c75ee0b0e3fef508ad87f473b564f235e74d9b4c4f793e1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: uapi-get-clipzy-raw Version: 1.0.0 The skill bundle is a functional wrapper for the Clipzy clipboard API (uapis.cn), but it is classified as suspicious because it implements a high-risk security practice: requiring a Base64-encoded AES decryption key to be passed as a plaintext URL query parameter (`key`). This vulnerability exposes sensitive cryptographic material in network logs, browser history, and server-side metadata. While the behavior is aligned with the stated purpose of the `get-clipzy-raw` endpoint and no evidence of intentional malice or unauthorized exfiltration was found, the inherent design flaw in the API handling sensitive keys warrants a cautious classification.
- External report
- View on VirusTotal