Skill v1.0.1
VirusTotal security
Chinese Voice Detective Mystery Game · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review · Apr 30, 2026, 6:41 AM
- Hash: 78399313fad2cd013e287cd5bade9482f80c7f4e75c27061b6078026ea00fcd6
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: detective-mystery. Version: 1.0.1. The skill is a voice-based detective game that uses external AI services for gameplay. It is classified as suspicious because scripts/run_mystery.py contains security vulnerabilities that could be exploited for data exfiltration or unauthorized file access. Specifically, the ASR (Automatic Speech Recognition) feature allows a user to provide an arbitrary file path, which the script then reads and transmits to an external API (api.senseaudio.cn) without validation. Additionally, the TTS (Text-to-Speech) system uses unsanitized identifiers generated by the LLM to construct local file paths, creating a risk of path traversal. While these appear to be unintentional coding flaws rather than intentional malware, they represent a significant attack surface for prompt-injection or social engineering against the AI agent.
