Back to skill
Skillv2.1.0
VirusTotal security
淘宝客全能工具箱 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:50 AM
- Hash
- 08d1bfca105ebd65acf0a712b760517232ff4b90a03613ff08443386d7a6dd77
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: taobaoke-tool Version: 2.1.0 The skill documentation (SKILL.md) provides a configuration template containing hardcoded affiliate IDs and API keys (e.g., ZHETAOKE_APP_KEY, TAOBAO_PID, JD_UNION_ID). If users follow these instructions literally, all affiliate commissions will be redirected to the author, a practice known as commission hijacking. The actual Python scripts (e.g., taobaoke_master.py) are referenced but not provided, preventing a full audit of how these credentials or user sessions are handled.
- External report
- View on VirusTotal