Back to skill
Skillv1.0.0
VirusTotal security
siyuan-task-skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:39 AM
- Hash
- 6d47be50b7bf3d03fa616bdb7caf195d5d6623b88473226b5216ac86f74b0ccb
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: siyuan-task-skill Version: 1.0.0 The skill is classified as suspicious due to several high-risk capabilities, even though they are plausibly needed for its stated purpose of managing tasks in SiYuan Note. Key indicators include the broad `Bash(python3:*)` permissions, the `upload_asset` function in `scripts/siyuan_api.py` which can read arbitrary local files and upload them to the SiYuan instance (a form of data exfiltration to the SiYuan application itself), and the `init_database` function in `scripts/task_ops.py` which rewrites the `config.env` file, demonstrating local file modification. Additionally, the `siyuan_api.py` client exposes powerful `sql_query`, `get_file`, and `put_file` methods that allow extensive interaction with the SiYuan internal database and file system, which could be misused if the agent or user input were compromised.
- External report
- View on VirusTotal