Back to skill
Skillv1.2.3
VirusTotal security
Skill Dropshipping Fulfillment · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:46 AM
- Hash
- d2d41ca48061982a9de7c338f90c9388859be2e5462d949bf1c8da62b1b908b3
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: skill-dropshipping-fulfillment Version: 1.2.3 The skill bundle is classified as benign. All code and documentation align with the stated purpose of automating dropshipping fulfillment between WooCommerce and CJ Dropshipping. The scripts (`scripts/fulfill.js`, `scripts/rebuild-mapping.js`, `scripts/cj-api.js`, `scripts/woo-api.js`) perform expected API calls to WooCommerce and CJ Dropshipping, read/write configuration and log files, and update WooCommerce order statuses and product SKUs. While the use of hardcoded default paths (e.g., `/home/aladdin/woo-api.json`) and plain-text credential storage in JSON files (`woo-api.json`, `cj-api.json`) are poor security practices and represent vulnerabilities in deployment/configuration, they do not indicate intentional malicious behavior by the skill itself. There is no evidence of data exfiltration to unauthorized endpoints, malicious command execution, persistence mechanisms, or prompt injection attempts in `SKILL.md`.
- External report
- View on VirusTotal