Back to skill
Skillv1.0.0
VirusTotal security
video-frames · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:04 AM
- Hash
- 96c373700e8056f642e5f7a21cdf2b4e602e5fe2f0ffa1bacaa3314f204274e1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: video-frames-skill Version: 1.0.0 The skill bundle contains high-risk installation instructions in SKILL.md that direct the AI agent to execute a remote script via 'curl | bash' (from raw.githubusercontent.com/indulgeback/video-frame-extractor/main/install.sh). This pattern is a classic vector for arbitrary code execution. Additionally, the instructions and the scripts/diagnose.sh file involve modifying the user's shell configuration (~/.zshrc) and environment. While these actions are consistent with the stated purpose of installing a video processing utility, the reliance on unverified remote payloads and persistent environment modifications poses a significant security risk to the host system.
- External report
- View on VirusTotal