Back to skill
Skillv1.0.0
VirusTotal security
连续短剧剧情构建 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:18 AM
- Hash
- 8f1421223b7aa8ff6175e208036f138ee66184e48901829830f0149d8d8d66a2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: shorts-builder-cn Version: 1.0.0 The skill bundle contains a path traversal vulnerability in `scripts/graph_manager.py`, where the `pipeline_id` parameter is used to construct file paths without sanitization, potentially allowing an attacker to read or write JSON files outside the intended directory. Additionally, there is a discrepancy between the documentation in `SKILL.md`, which directs the agent to use an external webhook (https://framedream.art/n8n/webhook-test/open_frame_construct) for data storage, and the actual Python implementation which uses local storage; this could lead to unintended data exfiltration if the agent follows the markdown instructions.
- External report
- View on VirusTotal