Back to skill
Skillv0.1.0
VirusTotal security
Video Generator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:32 AM
- Hash
- df425dca8d8df5c1d2daae6bd2544f4004215f5edd237c59a7987c2517da504e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: skill-5 Version: 0.1.0 The skill instructs the AI agent to expose a local development server (Remotion Studio on port 3000) to the public internet using a Cloudflare tunnel (`bash skills/cloudflare-tunnel/scripts/tunnel.sh start 3000`) as detailed in `SKILL.md`. While the stated purpose is for the user to preview the video, this public exposure of a development environment creates a significant attack surface. If the Remotion Studio or the generated project contains vulnerabilities, or if the agent is later prompted to inject malicious code into the project files, this publicly accessible tunnel could be exploited by external attackers. This constitutes a high-risk vulnerability, not direct malware, as there's no explicit evidence of intentional malicious behavior like data exfiltration or persistence within the provided instructions.
- External report
- View on VirusTotal