Skillv1.0.0

VirusTotal security

小红书MCP补丁包 · External malware reputation and Code Insight signals for this exact artifact hash.

SuspiciousApr 30, 2026, 5:06 AM

Hash: b1b572142d00ca227618b64933249073624a6a7360645c6df762851523e48bab
Source: palm
Verdict: suspicious
Code Insight: Type: OpenClaw Skill Name: xiaohongshu-mcp-patch Version: 1.0.0 The skill bundle contains bash scripts for managing the 'Xiaohongshu MCP' service that perform high-risk operations. Key indicators include scripts that kill processes by port (fix-port.sh), copy sensitive session cookies to potentially world-readable locations like /tmp (fix-cookie.sh), and execute binaries directly from /tmp (check-service.sh). While these actions are consistent with the stated goal of troubleshooting deployment issues, they introduce significant security vulnerabilities regarding credential exposure and insecure execution paths.
External report: View on VirusTotal