Skillv1.0.0

VirusTotal security

xueqiu-collector · External malware reputation and Code Insight signals for this exact artifact hash.

SuspiciousApr 11, 2026, 7:51 AM

Hash: f2da937a38c38f6a6e9806fb1748c27b9755e8da5de4de133bfbec188205b8e5
Source: palm
Verdict: suspicious
Code Insight: Type: OpenClaw Skill Name: xueqiu-collector Version: 1.0.0 The skill is a functional Xueqiu scraper that requires high-privilege access to the user's Edge browser profile (including session cookies) to bypass anti-bot measures. While this behavior is aligned with the stated purpose, the script `collect.py` lacks input sanitization for the `author` parameter, which is used to construct file paths, creating a potential path traversal vulnerability during data export. Additionally, the tool relies on executing shell commands via `subprocess` and `npx`, which increases the risk if the AI agent is manipulated into using malicious arguments.
External report: View on VirusTotal