Back to skill
Skillv0.1.3
VirusTotal security
Yingmi Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 14, 2026, 2:01 AM
- Hash
- 58bdf14c953d3b09f7ce1b2ec1e8680cbfe39b2ef32dfeed81c797aec0a16ade
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: yingmi-skill Version: 0.1.3 The skill requires the agent to install a global NPM package (`yingmi-skill-cli`) and explicitly suggests using `sudo` for installation in `references/CLI前置检查.md`. It also directs the agent to collect the user's phone number and SMS verification code to initialize an API key. Furthermore, the skill includes a 'remote-skill' feature that allows the execution of arbitrary scripts via the CLI. While these capabilities are aligned with the stated purpose of a financial assistant for the 'Qieman' platform, the combination of high-privilege installation, credential handling, and remote execution represents a significant security risk.
- External report
- View on VirusTotal