Back to skill
Skillv3.7.4
VirusTotal security
Douyin Video Analyzer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:50 AM
- Hash
- 149055ccc18227c62cbb37b2cdec1a43fdddc2f816273064b9f2a450c2a55cbe
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: douyin-video-analyzer Version: 3.7.4 The skill bundle implements a Douyin video analysis tool that downloads media using yt-dlp/Playwright and sends frames/audio to Zhipu AI (open.bigmodel.cn). It is classified as suspicious due to multiple instances of shell command construction using 'child_process.exec' with external inputs (e.g., video URLs and file paths in lib/video-downloader.js, lib/audio-processor.js, and lib/frame-extractor.js), which creates a high risk of Remote Code Execution (RCE) via shell injection. While these vulnerabilities are critical, the code's behavior appears consistent with its stated purpose, and no evidence of intentional malice or unauthorized data exfiltration was identified.
- External report
- View on VirusTotal