Back to skill
Skillv1.1.0
VirusTotal security
media-processor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 8:53 AM
- Hash
- b984e2003f2bdc5b2ff9f20cd00a5f1a156b5a1002a4f0c1e5c6d1f61a6f8852
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: media-processor-agent Version: 1.1.0 The media processor skill lacks input validation on the 'input' parameter in run.py, allowing for arbitrary local file reads and potential Server-Side Request Forgery (SSRF) via remote URLs. While these capabilities are aligned with the tool's stated purpose of processing images and videos, the absence of path sanitization or URL whitelisting constitutes a security vulnerability that could be exploited to access sensitive system files (e.g., /etc/passwd) or internal network resources.
- External report
- View on VirusTotal