Back to skill
Skillv1.0.0
VirusTotal security
speaker-local · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:54 AM
- Hash
- d06e3dc6b0762d06f81239be10c1b5108e37a50bb6247ec0fc4cee9c8283860f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: speak1 Version: 1.0.0 The skill bundle is classified as suspicious due to its reliance on external network requests to download and install components. Specifically, the `SKILL.md` instructs the agent to use `uv tool install kokoro-tts` to install the main tool and `wget` commands to download binary model files (`kokoro-v1.0.onnx`, `voices-v1.0.bin`) from a GitHub repository. While these actions are plausibly needed for the stated purpose of a local TTS tool, they introduce supply chain risks by fetching and trusting external binaries, which could be compromised. This constitutes a 'risky capability' without clear malicious intent, aligning with the 'suspicious' classification.
- External report
- View on VirusTotal