Back to skill
Skillv1.0.0
VirusTotal security
Instagram Reels · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:53 AM
- Hash
- b4c97993d1ca96940052a8dbffe36f6402411a35b6cc491037f71c6a4621a300
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: instagram-reels Version: 1.0.0 The skill is designed to download and transcribe Instagram Reels, using standard tools like yt-dlp, curl, ffmpeg, and python3. All operations are aligned with its stated purpose. However, the skill passes user-provided input (REEL_URL) directly into shell commands without explicit sanitization, creating a significant shell injection vulnerability (potential RCE) if the OpenClaw agent does not properly sanitize inputs before execution. This is a critical vulnerability, classifying the skill as 'suspicious' rather than 'benign' due to the high risk, even without evidence of intentional malicious behavior within the skill's instructions themselves. No data exfiltration, persistence, or prompt injection attempts were detected.
- External report
- View on VirusTotal