Back to skill
Skillv1.0.0
VirusTotal security
vsum · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:13 AM
- Hash
- c1113511e94d7a8f587622a34e66df6568755fc5f31e98ef0bb134663c7d54a4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: vsum Version: 1.0.0 The skill is classified as suspicious due to its use of `yt-dlp` with the `--cookies-from-browser chrome` option in `scripts/vsum.sh` and described in `SKILL.md`. While this functionality is stated as necessary for accessing Bilibili content, it grants the script access to potentially sensitive browser cookies. This capability, even if justified by the skill's purpose, represents a significant security risk and a potential vector for sensitive data exposure if the agent or skill were compromised, elevating it beyond benign.
- External report
- View on VirusTotal