Back to skill
Skillv1.0.1
VirusTotal security
Instagram Reel Downloader (WhatsApp) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:11 AM
- Hash
- 8a30330e250bb4208a439cc5343e7d923ced6ab38735320021d278d489522505
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: instagram-reel-downloader-whatsapp Version: 1.0.1 The skill is suspicious due to a significant vulnerability related to the `BROWSER_EXECUTABLE_PATH` environment variable, which, if controlled by an attacker, could lead to Remote Code Execution (RCE) by launching an arbitrary executable instead of a browser (found in `SKILL.md` and `scripts/download_via_sss.mjs`). Additionally, the `REEL_DOWNLOAD_DIR` environment variable allows an attacker to specify an arbitrary download location, and the `download_via_sss.mjs` script runs Chromium with `--no-sandbox`, reducing its security posture. While these are vulnerabilities that could be exploited, there is no clear evidence of intentional malicious behavior by the skill itself.
- External report
- View on VirusTotal