Back to skill
Skillv1.0.0
VirusTotal security
Xhs Surfer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:16 AM
- Hash
- 2d2f4a95fa686c6474efad87e926b4d5a3c02cfa919043c4f953cf8e28018d41
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: xhs-surfer Version: 1.0.0 The xhs-surfer skill is a browser automation tool for Xiaohongshu that handles sensitive session cookies and requires external LLM API keys for automated interactions. While the functionality aligns with its stated purpose, the handling of authentication tokens and a discrepancy in the metadata—specifically a typo in the homepage URL (xhs_suffer vs xhs-surfer)—are indicators of potential risk or deceptive sourcing. The tool's high-privilege actions (automated social media engagement and credential management) warrant caution as they could be leveraged for account misuse if the underlying PyPI package is compromised.
- External report
- View on VirusTotal