Back to skill
Skillv1.0.0
VirusTotal security
skill-alipayplus-integration · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 8, 2026, 1:31 PM
- Hash
- 6e054c35d75b52e09b3964ca762cfd3817a9667554d51834694c7d7e8fec5cd5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: skill-alipayplus-integration Version: 1.0.0 The skill bundle provides tools for Alipay+ payment integration that include high-risk network and file system operations. Specifically, `scripts/debug-notify.sh` utilizes `netcat` (nc) to listen on local ports and `ngrok` for intranet penetration to facilitate webhook debugging, while `scripts/download-reconciliation.sh` is designed to access the user's SSH directory (~/.ssh/alipayplus_sftp) for SFTP-based data retrieval. Although these behaviors are plausibly aligned with the stated purpose of the skill, the inclusion of tools capable of establishing remote access and accessing private keys represents a significant security risk.
- External report
- View on VirusTotal