Back to skill
Skillv0.2.6
VirusTotal security
ClawCast · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 6:14 AM
- Hash
- 56c46bd86b9c8c116c5c6fb4c04ec066b731549cb8461eb588bc37668f76e695
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: claw-cast Version: 0.2.6 The skill bundle provides OBS automation but contains high-risk behaviors and vulnerabilities. Specifically, 'scripts/obs_target_switch.sh' performs a cross-component write to an external SQLite database ($HOME/.agentic-obs/db.sqlite) to configure connection parameters; while documented and guarded by a flag, the script lacks input sanitization, creating a potential SQL injection vulnerability. Additionally, 'scripts/start_overlay_server.sh' executes a background Python HTTP server to serve local assets. While these actions align with the stated purpose of bootstrapping OBS scenes, the combination of external file modification and insecure command construction warrants a suspicious classification.
- External report
- View on VirusTotal