Back to skill
Skillv1.0.1
VirusTotal security
Ressemble TTS e STT · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:33 AM
- Hash
- 8f8e859171fee4aef9668d8a9eac097a629590e4cd9936de18ccd1492842283a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ressemble Version: 1.0.1 The skill bundle is classified as suspicious due to vulnerabilities in input handling within the shell scripts. Specifically, `scripts/tts.sh` directly interpolates user-provided text and voice UUID into a JSON payload, creating a JSON injection vulnerability if the input contains special characters. Similarly, `scripts/stt.sh` uses the user-provided audio file path directly without explicit sanitization, which could lead to issues if the path contains shell metacharacters. While these are vulnerabilities and not evidence of malicious intent, they represent a risk of unexpected behavior or potential exploitation if the agent provides crafted inputs. The scripts otherwise interact with legitimate Resemble AI API endpoints (`https://app.resemble.ai`, `https://f.cluster.resemble.ai`) for their stated purpose.
- External report
- View on VirusTotal