Skill v1.0.0

VirusTotal security

Douyin Video Fetch · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 29, 2026, 4:05 AM
Hash
5f3a409849e9b9162a7032e933ddc550b612e520b1df1bbce197fd7b9effad72
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: douyin-video-fetch
Version: 1.0.0

The `scripts/fetch_video.py` skill is classified as suspicious due to vulnerabilities in its input handling. Specifically, the `--file` argument allows reading from an arbitrary file path, which could be exploited for arbitrary file read (e.g., `/etc/passwd`). Additionally, the `--output-dir` argument, if controlled by an attacker, could potentially lead to path traversal, allowing files to be written outside the intended skill directory. While the skill's stated purpose of downloading Douyin videos is legitimate and the `SKILL.md` instructions are benign, these file system access vulnerabilities pose a risk if the agent is instructed to provide malicious arguments.