Back to skill
Skillv1.0.4
VirusTotal security
OpenSubtitles Read-only · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:38 AM
- Hash
- 1502541a19aa071829695cecc1d414d2d52517315b921bd58093ac3dd320d497
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: opensubtitles Version: 1.0.4 This OpenClaw skill bundle is benign. The `SKILL.md` provides clear guardrails for the AI agent, explicitly instructing it to avoid arbitrary file access and prevent logging/exposing sensitive credentials. The `opensubtitles-api.sh` script safely constructs API requests using `jq` for URL and JSON encoding, mitigating shell injection risks. Crucially, `subtitle-context.sh` implements robust path validation, ensuring that subtitle files are only read from the designated `{baseDir}/storage/subtitles/` directory and have a `.srt` extension, preventing arbitrary file reads. There is no evidence of malicious intent, data exfiltration, or unauthorized actions.
- External report
- View on VirusTotal