Skill v1.0.0
VirusTotal security
vwu.ai TTS Models · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict: Suspicious (Apr 30, 2026, 6:33 AM)
- Hash: 738fba93bb5eb796091c515945e33d4905cebbe247586d5ec93c8bdf072c7333
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: vwu-tts; Version: 1.0.0. The script vwu-chat.sh contains a shell injection vulnerability because it expands the $PROMPT and $MODEL variables directly within a double-quoted string passed to curl without proper escaping or using jq to construct the JSON payload safely. This could allow an attacker to execute arbitrary commands or manipulate the API request. While the behavior aligns with the stated purpose of calling the vwu.ai API, the lack of input sanitization is a significant security flaw.
