Back to skill
Skillv1.0.0
VirusTotal security
Zhipu AI TTS · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 4:24 AM
- Hash
- e21c0de676ea79d8eb786288cf7dff5d84305b6675613cdfb4df8d577475809c
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: zhipu-tts Version: 1.0.0 The OpenClaw skill bundle for Zhipu AI Text-to-Speech is classified as benign. The `scripts/text_to_speech.sh` script correctly handles user-provided input by using `jq --arg` for JSON payload construction, which safely escapes text, and consistently quotes all variables (`"$VAR"`) when passed to shell commands like `curl`, `file`, and `ls`. This prevents shell injection vulnerabilities. The `ZHIPU_API_KEY` is securely read from environment variables and sent only to the legitimate Zhipu AI API endpoint, with no evidence of data exfiltration or other malicious activities. The `SKILL.md` and `README.md` files contain only descriptive instructions without any prompt injection attempts.
- External report
- View on VirusTotal