Back to skill
Skillv1.0.1
VirusTotal security
salute speech · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:13 AM
- Hash
- 96b2b598960d9afd0cf64edd56221a45efb8900356db71e4639a8005973d726e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: salute-speech Version: 1.0.1 The skill bundle is classified as suspicious due to multiple critical vulnerabilities. The `salute_transcribe.py` script explicitly disables SSL/TLS verification (`verify_ssl=False`) for all network communications, as also noted in `SKILL.md`, creating a severe Man-in-the-Middle (MITM) risk. Furthermore, the script's `upload_file` method reads and uploads the content of any file specified by the `--file` argument to a third-party API, enabling potential data exfiltration if an agent is prompted to provide a sensitive file path. Lastly, the script allows writing arbitrary files to user-controlled directories via the `--output_dir` argument, which could be exploited through prompt injection to achieve persistence or other malicious actions on the host system.
- External report
- View on VirusTotal