Back to skill
Skillv2.5.9
VirusTotal security
Mimo Tts Asr 255 Free · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 24, 2026, 12:26 AM
- Hash
- d83a7fc9b2d3e169d3d825fcfb2d101eff42348fc20d000f3d29d0b55b6333b0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: mimo-tts-asr-255-free Version: 2.5.9 The skill provides TTS and ASR capabilities using the 'xiaomimimo.com' domain, which adopts branding similar to Xiaomi but is not an official company domain. While the Python scripts (asr.py and tts.py) are functional and lack explicit malicious payloads like credential theft or reverse shells, they send user-provided audio and text data to this external API. A potential risk exists in asr.py and tts.py where the file-reading functions lack strict path validation or enforcement of file types, potentially allowing the upload of sensitive local files if the agent is misdirected. The future-dated version history (2026) and 'limited time free' marketing are additional anomalies.
- External report
- View on VirusTotal