Back to skill
Skillv1.0.0
VirusTotal security
vhs-recorder · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:27 AM
- Hash
- 4cfa6c9941503be4b285f76e0432799fc4aef7f6dbd0a0ec65ee46a659a87074
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: vhs-recorder Version: 1.0.0 The skill bundle is designed to guide an AI agent in creating terminal recordings using the `vhs` tool. While the stated purpose is benign, the `references/examples.md` file contains illustrative `tape` file examples that include commands with significant system interaction capabilities, such as `git clone repo`, `npm install`, `docker build`, `docker run`, and `rm -rf repo`. These commands, while presented in a benign context for demonstration and cleanup, represent risky capabilities (network access, file system modification, process execution) that, if misused by an agent (e.g., due to a malicious or ambiguous user prompt), could lead to harmful actions. The skill itself does not exhibit malicious intent, but it exposes and demonstrates these high-risk capabilities without explicit safeguards.
- External report
- View on VirusTotal