Skillv1.0.3

VirusTotal security

掘金自动发布 · External malware reputation and Code Insight signals for this exact artifact hash.

ReviewApr 30, 2026, 5:49 AM

Hash: 9765b98397ca05f579f13660abeb098ee74283f43b58e919a38f5577889bfdb3
Source: palm
Verdict: suspicious
Code Insight: Type: OpenClaw Skill Name: juejin-auto-publisher Version: 1.0.3 The skill bundle facilitates automated article publishing to Juejin, which involves high-risk behaviors such as handling sensitive session cookies and performing network requests. While the stated purpose is legitimate, the bundle references external Python scripts (juejin_publisher.py and extract_juejin_cookie.py) that are not included in the provided files, preventing a full security audit of the execution logic. Additionally, the instructions encourage storing plaintext credentials in a local file (JUEJIN.md), which is a significant security vulnerability.
External report: View on VirusTotal