Back to skill
Skillv1.0.1
VirusTotal security
秦丝旺剪 - AI智能视频剪辑 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:50 AM
- Hash
- c2d8c6a1ea13a29d64fc8d289e2a3cfd733ac0b4a8e025b400d71d8d235c42d6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wangcut Version: 1.0.1 The skill bundle provides integration for the Wangcut (秦丝旺剪) video editing API but exhibits insecure credential handling and misleading documentation. Specifically, `wangcut_api.py` stores user passwords in plain text within a local `config.ini` file, despite comments in `setup_config` claiming the password would be MD5 encrypted before storage. Additionally, `SKILL.md` instructs the AI agent to prompt users to provide their account credentials directly in the chat interface, which exposes sensitive secrets to chat history and logs. While the code appears functional for its stated purpose and communicates with legitimate domains (cloud.qinsilk.com), these vulnerabilities represent significant security risks.
- External report
- View on VirusTotal