Back to skill
Skillv1.0.0
VirusTotal security
Video Understanding · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:28 AM
- Hash
- 282a086ac3a550b6211200de130a85b21a13b893e01c3e95f959ae18a6f25d2d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: video-learn Version: 1.0.0 The skill aims to understand and analyze video content. The `references/resources.md` file documents the `yt-dlp` command-line tool, providing examples like `yt-dlp "URL"` and `yt-dlp --write-subs "URL"`. Given that `SKILL.md` mentions 'speech to text (needs extra tools)', it is highly probable the AI agent will be instructed to use `yt-dlp` with user-provided video URLs. Executing `yt-dlp` with unsanitized user input creates a critical shell injection vulnerability, leading to potential Remote Code Execution (RCE). This constitutes a significant security risk, classifying the skill as suspicious due to this severe vulnerability.
- External report
- View on VirusTotal