Back to skill
Skillv1.0.0
VirusTotal security
wechat article formatter pro · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:25 AM
- Hash
- 1e95bfd0cc458bae26b8b47244b2724e29a878082902cc69cfbd57dd369e6592
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wechat-article-formatter-pro Version: 1.0.0 The skill contains a path traversal vulnerability in 'wechat_template_generator.py' and 'skill_entry.py'. The 'theme_css' argument is passed directly from the command line to 'os.path.join' without sanitization, allowing an attacker to potentially read arbitrary local files (e.g., via '../../../../etc/passwd') and embed their contents into the generated HTML output. While the tool's logic for WeChat article formatting appears legitimate, the lack of path validation is a significant security flaw that could be exploited via prompt injection.
- External report
- View on VirusTotal