Back to skill
Skillv0.2.0
VirusTotal security
Terrain Route Video · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:19 AM
- Hash
- 83b76f9a3341b81cfb63682b99ed5d798d68e19d98f65c00bd27dd9c2bb89198
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: terrain-route-video Version: 0.2.0 The skill is classified as suspicious due to a potential arbitrary file read vulnerability. The `scripts/terrain_route_video.py` script accepts a `--font` argument, which defaults to a system path (`/System/Library/Fonts/Hiragino Sans GB.ttc`). If an OpenClaw agent allows user-controlled input for this argument without proper sanitization, an attacker could specify an arbitrary file path (e.g., `/etc/passwd` or `~/.ssh/id_rsa`) to attempt to read its contents via `matplotlib.font_manager.FontProperties(fname=...)`. While there is no evidence of intentional malicious behavior like data exfiltration or backdoors, this vulnerability could lead to information disclosure.
- External report
- View on VirusTotal