Back to skill
Skillv0.1.0
VirusTotal security
OpenClaw Capture · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:41 AM
- Hash
- 4fe1efcfea22d4ada9cb964f7643428ef177b7cd52c3b1f23f805cdc557493af
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-capture Version: 0.1.0 The skill functions as a complex wrapper for a local 'openclaw_capture_workflow' and exhibits high-risk behaviors, specifically dynamic shell command construction and execution in 'video_audio_bridge.py' and 'dispatcher.py'. It uses shlex.split on strings formatted with user-provided URLs, which is a pattern vulnerable to argument injection. Furthermore, the skill requires extensive sensitive environment variables (API keys, bot tokens) and provides a mechanism to execute arbitrary local STT commands via the 'OPENCLAW_CAPTURE_LOCAL_STT_COMMAND' variable, creating a significant surface for local privilege escalation or unauthorized execution if the environment is compromised.
- External report
- View on VirusTotal