Back to skill
Skillv1.0.2
VirusTotal security
AI重生复仇爽文自动生成 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:37 AM
- Hash
- 051122456649c24e39877ea1bf3c500da742a72e3adce3fd40d39e2b2dd70b73
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ai-novel-chongshengfuchou Version: 1.0.2 The skill bundle implements an automated video generation pipeline but contains a shell injection vulnerability in pipeline.py, where subprocess.run(shell=True) is used on filenames retrieved from the local video/ directory. Additionally, the script transmits generated story text to an external, third-party TTS API (https://zero-libre-tts.vercel.app/api/tts), which may pose a data privacy risk. While the behavior aligns with the stated purpose of generating content, the lack of input sanitization in shell commands and the reliance on an unverified external endpoint are high-risk behaviors.
- External report
- View on VirusTotal