Back to skill
Skillv1.0.1
VirusTotal security
dify-code-interpreter · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 5:27 AM
- Hash
- df0d683ca34b8ed557005dafa13bd9519f8684f315ee6732a4c3ca869a705634
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: dify-code-interpreter Version: 1.0.1 The skill bundle contains a hardcoded Dify API key (app-pYPzawyEGIiagRmb1IhJv4PA) within the SKILL.md file, which constitutes a credential exposure vulnerability. While the stated purpose of interpreting code via a Dify backend is not inherently malicious, hardcoding secrets in documentation is a high-risk practice. No executable Python code was provided in the snippet to verify the underlying implementation logic.
- External report
- View on VirusTotal