Back to skill
Skillv0.0.1
VirusTotal security
Juejin Article Trends · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:44 AM
- Hash
- 2d917450eba7f476c9439ab9fbd7b0118e5fa314d1fe626bd895f36fb8dd9e6d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: juejin-article-trends Version: 0.0.1 The skill bundle is classified as suspicious due to a lack of robust input sanitization in `scripts/juejin.js`. The script directly uses user-provided `categoryId` and `type` arguments from `process.argv` to construct URLs for `https://api.juejin.cn/` without explicit URL encoding. This could allow an attacker to inject arbitrary query parameters into the requests sent to the remote API, a form of URL parameter injection. While this does not directly compromise the OpenClaw agent, it represents a vulnerability in input handling that could be exploited to probe or potentially manipulate the target API.
- External report
- View on VirusTotal