Back to skill
Skillv1.0.0
VirusTotal security
Image To Video Editor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 12, 2026, 9:16 PM
- Hash
- 35ff42515e6d4c55e9896dee597e3c9b08fcb1f163684c4e61918ae3b400f72e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: image-to-video-editor Version: 1.0.0 The skill facilitates image-to-video conversion by uploading user files to an external API (mega-api-prod.nemovideo.ai). It is classified as suspicious because the instructions in SKILL.md lack explicit path sanitization for the file upload action (multipart -F 'files=@/path'), which could be exploited via prompt injection to exfiltrate sensitive local files. Additionally, the skill performs environment fingerprinting by inspecting its installation path to set attribution headers and includes logic for automatic, silent acquisition of anonymous authentication tokens.
- External report
- View on VirusTotal