Back to skill
Skillv1.0.1
VirusTotal security
Welfare Guide · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:21 AM
- Hash
- 27cf42fc5ff584de91b9eff739510dee36732175e49f9bda68421673c5458e48
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: welfare-guide Version: 1.0.1 The skill is classified as suspicious due to its explicit reliance on executing shell scripts (`welfare_central.sh`, `welfare_local.sh`, `subsidy24.sh`) with dynamic arguments, as indicated in `playbook.md` and `scripts/README.md`. While the actual script contents are not provided, the instruction to execute external shell commands with potentially user-derived input creates a significant remote code execution (RCE) vulnerability surface if the scripts lack proper input sanitization. Additionally, the skill is designed to read an API key from `~/.config/data-go-kr/api_key` for its operation, which, while intended for legitimate use, adds to the risk profile when combined with shell execution capabilities.
- External report
- View on VirusTotal