Back to skill
Skillv1.0.0
VirusTotal security
Transistor FM · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:36 AM
- Hash
- 946dbe87e25937011c5b861019d1ab684fb7d9a87effb3d6efb876329d01c789
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: transistorfm Version: 1.0.0 The skill's stated purpose is legitimate Transistor.fm API interaction. However, the `SKILL.md` includes instructions for uploading local files using `curl -T /path/to/episode.mp3`. While this is necessary for the stated purpose of uploading audio files, it introduces a significant vulnerability. An AI agent executing these instructions could potentially be prompted via prompt injection to upload arbitrary sensitive files from its host system to Transistor.fm's authorized upload URLs, leading to data exfiltration. This capability, though not malicious in intent, presents a high risk of abuse, classifying it as suspicious.
- External report
- View on VirusTotal