Back to skill
Skillv0.6.1
VirusTotal security
Naver Blog Publisher · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:39 AM
- Hash
- 7b70d71d20ea988d6bea420e9d999f68e8a70ddc3f3e058ec7d18c1a59d37db3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: naver-blog-writer Version: 0.6.1 The skill relies on executing an external, scoped npm package (@y80163442/naver-thin-runner) via npx to install a local daemon and system services (--auto-service both) on macOS. It handles sensitive administrative API keys and tokens, and while these actions are consistent with the stated goal of automating Naver Blog publishing, the requirement for broad local system access and the execution of unverified remote code via npx represent a significant security risk.
- External report
- View on VirusTotal