Back to skill
Skillv1.0.4
VirusTotal security
Dlazy Wan2.7 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 27, 2026, 9:01 AM
- Hash
- 07cb06f1f2f7a631fb7e0562f2650bb35e104bfe649157cc8161cdcf75d1de56
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: dlazy-wan2-7 Version: 1.0.4 The skill bundle provides an interface for the Tongyi Wanxiang 2.7 video model by wrapping the `@dlazy/cli` tool. It requires high-risk operations, including a global npm installation (`npm install -g`), local file access for uploading media to `oss.dlazy.com`, and storage of API keys in `~/.dlazy/config.json`. While these behaviors are clearly documented and aligned with the tool's stated purpose, the analysis criteria classify risky capabilities (shell, network, and file access) as suspicious even when plausibly needed for the stated function. No evidence of intentional malice or unauthorized data exfiltration was found in SKILL.md or _meta.json.
- External report
- View on VirusTotal