Back to skill
Skillv3.2.1
VirusTotal security
Video Download Transcribe · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 19, 2026, 12:56 PM
- Hash
- ac9243d347d158a0ce0edc397d3dc417a82d0e4233df65c6b8e79a88977fa012
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: video-download-transcribe Version: 3.2.1 The skill bundle exhibits high-risk behavior by using `subprocess.run` to execute shell commands and dynamically constructed Python scripts for video processing and browser automation. It contains hardcoded absolute paths (e.g., `/Users/kk/...` in `server.py` and `setup.sh`) and instructs the AI agent to perform local system configurations and execute shell scripts. While these actions are aligned with the stated purpose of video downloading and transcription, the reliance on external binaries (yt-dlp, ffmpeg, Playwright) and the construction of sub-processes via string interpolation in `server.py` create a significant attack surface for potential command or script injection.
- External report
- View on VirusTotal