Back to skill
Skillv1.0.1
VirusTotal security
X Mobile Longshot / X 真机感长截图导出 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 6:15 AM
- Hash
- 1c9cb56c24acbcf7c982a80b441c42aa208bb4dab2408b3002ecc4964ac65775
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: x-mobile-longshot Version: 1.0.1 The skill is classified as suspicious due to a code injection vulnerability in `scripts/render_x_longshot.js`. The script constructs a Python snippet using unsanitized input from the `--out-png` argument and executes it via `spawnSync`, which could allow arbitrary Python code execution if the output path is manipulated. While the tool's functionality for capturing and cleaning X (Twitter) screenshots appears legitimate and aligned with its stated purpose, this implementation flaw poses a significant security risk.
- External report
- View on VirusTotal