Back to skill
Skillv1.0.0
VirusTotal security
Publish-Mate · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 28, 2026, 1:51 PM
- Hash
- 9438766a5c46bb4115a713767eaffadc885c20368f5bbc1053b0b83bb468c2e7
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: publish-mate Version: 1.0.0 The skill provides automated news aggregation and WordPress publishing capabilities, but contains a significant security vulnerability in 'scripts/auto_publish.py' where SSL certificate verification is explicitly disabled (ssl.CERT_NONE) during image uploads. Additionally, 'scripts/fetch_news.py' performs unvalidated web scraping on URLs retrieved from external RSS feeds, which could be leveraged for Server-Side Request Forgery (SSRF) if a source is compromised. While the code appears to follow its stated purpose without clear malicious intent, these intentional security bypasses and lack of input validation pose a risk to the user's credentials and local network.
- External report
- View on VirusTotal