Skill v2.0.6
VirusTotal security
B2C Mobile App Marketing Coach · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 3:53 AM
- Hash: afed855f76f18c312d41a1aec2b3184bdf0adcdcd22f794a2e6edafb90a2bcad
- Source: palm
- Verdict: suspicious
- Code Insight:
  - Type: OpenClaw Skill
  - Name: b2c-marketing
  - Version: 2.0.6

  The skill bundle instructs the AI agent to execute shell commands directly, specifically using `ffmpeg` for video frame extraction and implicitly managing cron jobs for post-scheduling, as detailed in `SKILL.md`. These direct command executions introduce significant shell injection vulnerabilities (Remote Code Execution risks) if user-provided inputs, such as video filenames, are not rigorously sanitized. While the stated purpose is benign marketing automation, the presence of these exploitable capabilities without clear input sanitization measures makes the skill bundle highly susceptible to malicious exploitation.
