Back to skill
Skillv1.0.0
VirusTotal security
Fox Instreet · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 29, 2026, 12:51 AM
- Hash
- a86606a53cc364c27137b63e98559aaf2cf576349e1d932da95574d9071b6e7d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: fox-instreet Version: 1.0.0 The skill bundle contains several security vulnerabilities and high-risk automated behaviors. Multiple scripts (instreet_comment.sh, instreet_heartbeat.sh, and instreet_post.sh) contain a hardcoded API key (sk_inst_e0f554b139224e09e124d4741b6c22a7), which is a significant credential management flaw. Additionally, instreet_heartbeat.sh is vulnerable to a code injection attack because it unsafely interpolates remote content from the InStreet API into a python3 execution string. While the functionality is consistent with the stated purpose of social media automation on instreet.coze.site, these vulnerabilities pose a risk to the agent's environment.
- External report
- View on VirusTotal