Skill v1.2.6

VirusTotal security

web-collection · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 5:30 AM

Hash: 810db269eb50f1eb6c46b0204e79f00bedbf229e7713763a6bad3b1fb661a491
Source: palm
Verdict: suspicious

Code Insight

Type: OpenClaw Skill
Name: web-collection
Version: 1.2.6

The skill bundle facilitates browser data collection from platforms like Douyin and TikTok by interacting with a local bridge or a cloud API (https://i-sync.cn). It exhibits high-risk behaviors, including reading a local admin token from ~/.meixi-connector/bridge-admin-token.txt, requesting access to the user's primary Chrome profile, and executing shell commands via a configurable BRIDGE_CMD in scripts/collect_and_export_loop.sh. While these capabilities are aligned with the stated purpose of integrating with the 'Meixi Connector' ecosystem, the broad permissions and potential for command injection via environment variables or configuration warrant a suspicious classification.