Back to skill
Skillv1.0.0
VirusTotal security
YouTube 批量发布器 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 7:19 AM
- Hash
- e9668b410bdb5a5340e10df259c30ae179ba504aa8dee966bf57c344f98a21b9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: youtube-bulk-publisher Version: 1.0.0 The skill provides legitimate YouTube video uploading functionality but contains a security vulnerability in youtube_publisher.py due to the use of pickle.load() for handling OAuth tokens, which is susceptible to insecure deserialization. Additionally, the script stores sensitive credentials and session tokens within the skill's local directory (credentials/), posing a risk of accidental credential exposure. While these appear to be unintentional design flaws rather than malicious intent, they represent high-risk behaviors in an automated agent environment.
- External report
- View on VirusTotal