Back to skill
Skillv1.0.0
VirusTotal security
抖音学习流水线 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 14, 2026, 8:26 AM
- Hash
- 1816ebdcbeb389622cdb31913f95d931f4840ca30b96e726a278b6217b16e7c6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: douyin-learning-pipeline Version: 1.0.0 The skill bundle is classified as suspicious due to instructions in SKILL.md and scripts/check_env.sh that direct the AI agent to perform high-privilege system modifications, including 'sudo apt install' for ffmpeg and 'git clone' for external repositories (e.g., jiji262/douyin-downloader). While these actions are aligned with the stated goal of a self-configuring pipeline, they represent a significant security risk by allowing the agent to execute arbitrary code fetched from the internet and modify the host system's software. Additionally, assets/douyin-downloader/auth/ms_token_manager.py fetches remote configuration files from a third-party GitHub repository (Johnserf-Seed/f2) at runtime, introducing a supply-chain vulnerability.
- External report
- View on VirusTotal