Skill v0.1.0

VirusTotal security

Baoyu Danger Gemini Web · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 29, 2026, 5:00 AM

Hash: 235f71be70a7cefb56cabb3ae777d8d745915c5d29c29d92d9101b097f4656d3
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: baoyu-danger-gemini-web
Version: 0.1.0

This skill is classified as suspicious due to its use of high-risk capabilities, although they appear to be aligned with its stated purpose of interacting with a reverse-engineered Gemini Web API. Key indicators include:

1) The `SKILL.md` instructs the agent to read and apply settings from `EXTEND.md` files, which could be a prompt injection or configuration manipulation vulnerability if an attacker can control the content of these files.

2) The `scripts/gemini-webapi/utils/load-browser-cookies.ts` module launches a Chrome browser process with remote debugging enabled (`--remote-debugging-port`) and uses the Chrome Debugging Protocol (CDP) to extract authentication cookies. This is a powerful capability that, if exploited, could lead to unauthorized access to browser data.

3) The `scripts/gemini-webapi/utils/paths.ts` module uses `execSync` to run `cmd.exe` and `wslpath` for cross-platform path resolution, which is shell execution, albeit for a specific, benign purpose.

While these capabilities are necessary for the skill's functionality, their inherent power and potential for misuse warrant a 'suspicious' classification rather than 'benign'.