Skill v1.0.1

VirusTotal security

Twitter Video Downloader · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious
Apr 29, 2026, 6:55 AM
Hash
1deb157ec6489d1ad8610d4424165b8c05647a84fc4d0ba43a3039f27e52b365
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: twitter-video-downloader
Version: 1.0.1

The skill bundle provides a utility for downloading Twitter videos using yt-dlp, but it contains shell injection vulnerabilities in scripts/download.sh and scripts/info.sh. The $PROXY_ARGS variable is expanded without quotes in shell commands, which could allow for arbitrary command execution if a crafted proxy string (e.g., containing semicolons or backticks) is provided. While the tool's behavior aligns with its stated purpose of assisting users with video downloads, the lack of input sanitization on the proxy parameter poses a security risk.