Back to skill
Skillv0.1.0
VirusTotal security
Voice Note To Midi · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:10 AM
- Hash
- b69c2e341610cbc1ec9208f4d87a83044c58cf50a6dafe0e4a20f43ecfae8fd1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: voice-note-to-midi Version: 0.1.0 The skill's `setup.sh` script includes an instruction for the user to manually download the `hum2midi` script from `https://raw.githubusercontent.com/basic-pitch/basic-pitch/main/hum2midi` if it's not found locally. While this is a manual instruction and the URL points to a legitimate project (Spotify's Basic Pitch), relying on an external URL for a core component introduces a supply chain risk. There is no clear evidence of intentional malicious behavior, but this external dependency is a notable high-risk behavior.
- External report
- View on VirusTotal