Ephemeral Media Hosting
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: ephemeral-media-hosting Version: 1.0.0 The skill bundle is classified as suspicious due to its broad system access capabilities and the installation of a persistence mechanism. Specifically, the `media-setup.sh` script within `SKILL.md` uses `sudo` to create and set permissions for system directories (`/var/www/media`), and the `cleanup-ephemeral-media.sh` script installs a cron job for daily execution. Additionally, the `fetch-image.sh` script demonstrates network access to fetch arbitrary external URLs using `curl`. While these actions are plausibly needed for the stated purpose of an ephemeral media hosting system and include security mitigations (MIME validation, size limits, ClamAV integration), the extensive system-level modifications and persistence capabilities elevate the risk profile beyond benign.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run on the wrong machine or with incorrect paths, these commands could alter server filesystem ownership and permissions.
The setup guide includes local shell commands with sudo that create directories and change ownership/permissions. This is expected for configuring a media host, but it changes the local server.
sudo mkdir -p "$media_root"/{temp,uploads,processed,logs,scripts}
sudo chown -R "$nginx_user:$nginx_user" "$media_root"Run the setup only on the intended server, review the paths and nginx user first, and keep backups of existing web-server configuration.
The user may need administrator access, and mistakes could affect the web server or public site availability.
The guide instructs configuring an nginx site under /etc/nginx, which normally requires administrator privileges. This is coherent with web hosting, but it crosses an OS privilege boundary.
# /etc/nginx/sites-available/ephemeral-media
server {
listen 80;
server_name media.yourdomain.com;Review the nginx configuration manually, test it before enabling, and apply it with the least necessary administrator access.
Once installed, the cleanup job can continue running daily and delete hosted files older than the configured retention period.
The skill includes an example that installs a recurring cron job for cleanup. The behavior is disclosed and purpose-aligned, but it persists after setup.
(crontab -l 2>/dev/null; echo "$cron_entry") | sort -u | crontab -
Install the cron job only if automatic deletion is desired, verify the retention period and paths, and document how to disable it.