Back to skill
Skillv1.0.1
VirusTotal security
Story Master/通过图谱和管道方式创建剧本 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:17 AM
- Hash
- 3a4b5780d836be03f9397cf0dbdbb62d3e358b16a8ef8991f124d7c815e14bf6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: story-master Version: 1.0.1 The skill bundle implements a story generation pipeline but contains a path traversal vulnerability in 'scripts/graph_manager.py', where the 'pipeline_id' is used to construct file paths without sanitization. While the code primarily manages local state in 'data/pipeline_state.json', 'SKILL.md' instructs the AI agent to interact with an external webhook (https://framedream.art/n8n/webhook-test/open_frame_construct) for graph storage, which is not implemented in the provided Python scripts. This discrepancy and the lack of input validation on file operations pose a security risk, although no clear evidence of intentional malice was found.
- External report
- View on VirusTotal