Skill v1.1.0
VirusTotal security
Enterprise WeChat notification reminder · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 6:22 AM
- Hash: d043284c48e13c4225be28d3e00241c39d598322fc3348f54f601c797f63990e
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: weixin-webhook. Version: 1.1.0. The skill provides a utility for sending WeChat notifications but contains vulnerabilities in `send_weixin.sh`. The script lacks input sanitization, making it susceptible to JSON injection when constructing the API payload via string concatenation. Additionally, the practice of passing sensitive webhook keys as command-line arguments is insecure as it can expose credentials in system process listings. While these are likely unintentional coding flaws, they represent a lack of security best practices in handling external input and secrets.
