Back to skill
Skillv0.1.0
VirusTotal security
Voice To Protocol Transcriber · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:08 AM
- Hash
- 68f0fbea43ae3067a45e91f6e9598c3cd8894d5e8b0dad5f1e21dbf7b3a18bb6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: voice-to-protocol-transcriber Version: 0.1.0 The skill contains a path traversal vulnerability in `scripts/main.py`, where the `experiment_name` input is used to construct file paths without sanitizing directory traversal sequences (e.g., `../`), potentially allowing files to be written outside the intended directory. Additionally, there is a significant discrepancy between `SKILL.md`, which claims to support real-time voice recognition and requires external libraries like `pyaudio`, and the actual implementation in `scripts/main.py`, which is a basic text-only logger using standard libraries. While no clear evidence of malicious intent was found, the combination of a file-writing vulnerability and misleading documentation warrants a suspicious classification.
- External report
- View on VirusTotal