Back to skill
Skillv1.0.0
VirusTotal security
识别5300中银行流水样式、识别简版征信、详版征信、企业版征信等各种信贷文件汇总成专业分析报告。 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 8:27 AM
- Hash
- b4f816d0f21fc36edaf55bb0ef1770fdab0d8e63c26321eb2ab9b8b14a3a34c2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: credit-file-analyzer-zhengxin-liushui-ocr Version: 1.0.0 The skill processes highly sensitive financial documents (credit reports, bank statements) by sending user-provided URLs to a third-party API (ipipei.com). It contains a hardcoded API credential (ENTERPRISE_KEY) in scripts/analyze.py and lacks input sanitization for the URL and type parameters, which could lead to command injection depending on how the OpenClaw agent executes the shell command. While the behavior aligns with the stated purpose, the automated transmission of PII/financial data to an external service and the hardcoded key represent significant security and privacy risks.
- External report
- View on VirusTotal