Back to skill
Skillv1.0.0
VirusTotal security
Display Name: ChatMerge - 智能多渠道聊天纪要助手 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 24, 2026, 5:36 PM
- Hash
- aaac6f7baf008dc38a2aebd49c8ada4ce79e7d980705c4356b7136dff1bfd618
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: chatmerge Version: 1.0.0 The ChatMerge skill bundle is a highly sophisticated tool designed to aggregate and analyze chat data from 20+ platforms. It is classified as suspicious because it requests high-privilege tools, specifically 'bash', 'read', 'write', and 'message', which grant the AI agent broad access to the local file system, shell execution, and private communications. While the documentation (SKILL.md and ADVANCED_FEATURES.md) justifies these for integrations with Jira, Notion, and GitHub, providing an AI agent with raw bash access creates a significant risk of Remote Code Execution (RCE) via prompt injection. Furthermore, the 'Real-time Monitoring' and 'Scheduled Reports' features utilize 'sessions_send' for persistent background execution, which could be abused for unauthorized surveillance or data exfiltration if the agent's instructions are subverted. No explicit malicious payloads or exfiltration endpoints were identified, but the capability set exceeds standard safety boundaries for typical agent skills.
- External report
- View on VirusTotal