Back to skill
Skillv1.1.3
VirusTotal security
WebSocket 接收器 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:58 AM
- Hash
- 6ed9e338f857736a0e70a6092c12320a472ad24719c1e8ec802876dfec248bc0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: websocket-receiver Version: 1.1.3 The skill functions as a WebSocket data receiver that integrates with the OpenClaw agent for automated AI analysis. It is classified as suspicious because the 'install.sh' script hardcodes a specific remote IP address (59.110.46.1) as the default data source and modifies shell configuration files (.bashrc/.zshrc) for persistence. Furthermore, 'scripts/receiver.py' forwards unsanitized data from the WebSocket directly into LLM prompts, which presents a significant risk for indirect prompt injection attacks against the OpenClaw agent.
- External report
- View on VirusTotal