Skill v1.1.0
VirusTotal security
AI Songwriter · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review · Apr 29, 2026, 6:03 AM
- Hash: bea0b59aeaa4e656eddfb9a6da90cf4af4f4195f8bccf01247fed975a8baedb6
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: ai-songwriter. Version: 1.1.0. The skill implements an automated songwriting and music generation pipeline using the Suno API via kie.ai. It is classified as suspicious due to a significant shell injection vulnerability in SKILL.md, where the agent is instructed to execute a command using `$(cat /tmp/suno_lyrics.txt)`; if the AI-generated lyrics contain shell metacharacters, this could lead to arbitrary command execution. Furthermore, the explicit instruction to bypass all user confirmations ('Iron rule: fully automated pipeline') exacerbates the risk of this vulnerability, although no evidence of intentional malice or data exfiltration was found.
