Back to skill
Skillv1.0.1
VirusTotal security
抖音视频转文字 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:36 AM
- Hash
- 6f22e0e7e466aa286f38d66a9aaf786290ea0b203a274be8b49b9ad7f427a69f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: douyin-transcribe Version: 1.0.1 The skill provides legitimate functionality for transcribing Douyin videos but contains a significant shell injection vulnerability in `scripts/transcribe.js`. The `runCommand` function uses `execSync` with unsanitized string interpolation of user-provided URLs and file paths, which could allow arbitrary command execution if a malicious input is processed. While the skill's behavior aligns with its stated purpose and uses reputable APIs (Groq/OpenAI), the high-risk execution pattern and the handling of sensitive API keys in environment variables warrant a suspicious classification.
- External report
- View on VirusTotal