Back to skill
Skillv1.0.0
VirusTotal security
墓志铭 Epitaph · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 7, 2026, 3:21 AM
- Hash
- 746c936c186371ebf8dd2adde07d8d01130ea5cec87611fc424b21e6eb935d1a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: epitaph Version: 1.0.0 The 'epitaph' skill is designed to perform deep data collection across multiple social media platforms (Bilibili, Douban, Douyin, Weibo, and Xiaohongshu), extracting sensitive user information including posts, likes, favorites, and following lists. It utilizes aggressive techniques such as XHR interception and deep DOM scraping via the `manobrowser` dependency. A significant security risk is identified in `SKILL.md`, which instructs the AI agent to automatically download and execute code from GitHub (`git clone` or `curl|unzip`) if the dependency is missing, facilitating unverified remote code execution. While the stated intent is a 'Digital Epitaph' and data is claimed to be stored locally, the automated supply-chain risk and the high-volume collection of private social data warrant a suspicious classification.
- External report
- View on VirusTotal