Skill v0.0.1

VirusTotal security

autoglmasr · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 4:56 AM
Hash
3770048eb12402b2b8800c3b4ff24bb147892019d4b2bc260ed813b83b45a314
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: autoglmasr
Version: 0.0.1

The skill instructs the agent to execute `npx autoglm-asr-mcp` for installation and operation. This command downloads and runs an external Node.js package, introducing a supply chain risk where a compromised package could lead to arbitrary code execution on the agent's host. Additionally, the `transcribe_audio` tool accepts an `audio_path` parameter as an absolute file path, which, if not properly validated by the underlying service, could be exploited for Local File Inclusion (LFI) by a malicious user. The skill's core functionality involves legitimate external network calls to `https://open.bigmodel.cn/api/paas/v4/audio/transcriptions`.