Back to skill
Skillv1.0.0
VirusTotal security
wechat-claw-skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:27 AM
- Hash
- 9931cd29303c0dc2a02062b83aa31153aea872cabbc703837325f5067d3a7952
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wechat-claw-skill Version: 1.0.0 The skill bundle provides a comprehensive automated pipeline for WeChat article generation and publishing, but it includes several high-risk capabilities. Specifically, `scripts/collect_sources.py` allows for arbitrary local file reading and remote URL fetching (potential SSRF/data exfiltration), while `scripts/run_pipeline.py` utilizes `subprocess.run` to execute external Python scripts based on paths provided as arguments. Although these features are clearly aligned with the stated purpose of a publishing workflow and lack evidence of intentional malice or obfuscation, they constitute a significant attack surface that could be exploited if the agent is manipulated via prompt injection.
- External report
- View on VirusTotal