Skill v2.0.0
VirusTotal security
Index Youtube · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review May 1, 2026, 4:22 AM
- Hash: bafc841944a0df9f5a11d817c768245e88bb90d7ca6d0307c5dc42b241732461
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: solo-index-youtube; Version: 2.0.0. The skill is classified as suspicious due to a significant shell injection vulnerability. The `SKILL.md` instructs the AI agent to parse `$ARGUMENTS` and use them directly in `Bash` commands (e.g., `solograph-cli index-youtube -c <handle>` or `yt-dlp` URLs) without specifying sanitization. This allows a malicious user to inject arbitrary commands if the agent's implementation is naive. While the skill requests broad `Bash`, `Read`, `Write`, and `Grep` permissions, their described usage is generally aligned with the stated purpose of indexing YouTube content, and there are no explicit instructions for data exfiltration or other malicious activities.
