Back to skill
Skillv0.1.0
VirusTotal security
Movie Subtitle Viewer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 5:32 AM
- Hash
- b6054357f1dab6545e3e304941bd82e8cce5b9b9201585003d0b46a733fd028d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: movie-subtitle-viewer Version: 0.1.0 The skill is functional for its stated purpose but contains a path traversal vulnerability in `src/subtitle_client.py`. The `download` method uses the `file_name` attribute directly from the OpenSubtitles API response as a local file path without sanitization, which could allow a malicious or compromised API response to overwrite arbitrary files in the agent's environment. While the logic in `SKILL.md` and the rest of the source code appears benign and aligned with the intended subtitle-viewing functionality, the lack of input sanitization on file operations is a significant security flaw.
- External report
- View on VirusTotal