Back to skill
Skillv1.0.0
VirusTotal security
tencent-tts-podcast · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 6:49 AM
- Hash
- 69d3a391ef0bcf5e20ee5ba473d1b5a24b0dd57cd075572d794b94592f617c85
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tencent-tts-podcast Version: 1.0.0 The skill bundle is functional for its stated purpose but contains high-risk configurations and behaviors. Specifically, 'tts_podcast.py' includes a hardcoded default Tencent Cloud AppID (1257195185) and Bucket Name ('ti-aoi'), which could lead to users unintentionally uploading audio data to the developer's infrastructure if they do not provide their own COS credentials. Additionally, the script includes a runtime dependency installer that uses 'subprocess.check_call' to execute 'pip install' for the 'cos-python-sdk-v5' library, which is a risky execution pattern even if intended for convenience.
- External report
- View on VirusTotal