Skill v1.0.1

VirusTotal security

Gettr Transcribe · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 4:20 AM
Hash: 4b3b859e79cc9f62ef221a4e40dfc1592862f84517ffcf5898152a5f4d7b5d57
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: gettr-transcribe
Version: 1.0.1

The skill is classified as suspicious due to a shell injection vulnerability present in `scripts/download_audio.sh` and `scripts/run_pipeline.sh`. These scripts directly use unsanitized user-controlled input, specifically the `$VIDEO_URL` and potentially the `$LANGUAGE` argument, within `ffmpeg` and `mlx_whisper` commands. While the `SKILL.md` instructs the agent to obtain the URL via browser automation from a GETTR page, an attacker could potentially craft a malicious URL or prompt-inject the agent to provide arbitrary input, leading to arbitrary command execution on the host system. There is no evidence of intentional malicious behavior such as data exfiltration or persistence mechanisms, classifying this as a vulnerability rather than outright malice.