Back to skill
Skillv4.1.2
VirusTotal security
YouTube SkillForge · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 5:00 AM
- Hash
- 93ebc39d91ad1f7de06d449390e2c9c0f8d6d4257896c8c7c40f47d0e5f87771
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: youtube-skillforge Version: 4.1.2 The skill appears benign. The `SKILL.md` transparently describes its functionality, explicitly stating it does not handle user credentials and that its internal server uses stdio transport with 'no network exposure'. File system writes are confined to `~/.skillforge/` and require user consent. There are no indicators of prompt injection, data exfiltration, malicious execution, persistence mechanisms, or obfuscation in the provided files. The dependencies (`yt-dlp` and its own npm package) are standard and align with the stated purpose.
- External report
- View on VirusTotal