Back to skill
Skillv2.1.0
VirusTotal security
悟空邀请码监控 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 21, 2026, 12:46 PM
- Hash
- 6ce9d001e6ac0da28989186d1b5bfcb86dfdf8ee4ffaac58ae464318aaec1ded
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wukong-invite-monitor Version: 2.1.0 The skill performs high-risk system modifications, including automated persistence via crontab manipulation (setup-cron.sh) and the use of 'eval' to execute sudo-level package installations (install-dependencies.sh). While these actions are plausibly required for the stated purpose of a persistent invitation code monitor with local OCR, they represent significant attack surfaces. The core logic in monitor_lite.py fetches images from an Alibaba CDN (gw.alicdn.com) and uses subprocess to invoke Tesseract OCR, which is consistent with the documentation and lacks clear evidence of malicious intent or data exfiltration.
- External report
- View on VirusTotal