Back to skill
Skillv1.0.0
VirusTotal security
个人日程管理 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:19 AM
- Hash
- a445f3b8970c3f3213c93b0808de0c5fbb99304291376ef2831dcf39e3906ff6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: personal-scheduler Version: 1.0.0 The skill bundle contains a critical security vulnerability in `scripts/web_server.py`, where the Flask web server is configured to run in debug mode on all network interfaces (`0.0.0.0:8080`), which allows for Remote Code Execution (RCE) via the interactive debugger. Additionally, a specific Feishu user ID (`ou_669575f70b8b81dd5c431c4ed1ad41c4`) is hardcoded as a default in `scripts/scheduler.py` and `scripts/cron_manager.py`, which could lead to the unauthorized exfiltration of calendar event details to an external party if the user fails to update the configuration file as instructed in `SKILL.md`.
- External report
- View on VirusTotal