Skill v1.0.1

VirusTotal security

TencentCloud Video Face Fusion · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 29, 2026, 5:16 AM
Hash: a924520b291fdcf5b6ec9544dcd1bf6ce18ab1310124ad8b36e51cdf9e884609
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: tencentcloud-video-face-fusion
Version: 1.0.1

The skill provides a functional integration with Tencent Cloud's Video Face Fusion API but exhibits several high-risk behaviors. The SKILL.md file contains explicit prompt-injection instructions (the 'Zero Interaction Principle') that direct the AI agent to execute scripts without user confirmation, bypassing a critical safety layer. Furthermore, the Python scripts (main.py, submit_job.py, query_job.py) use subprocess to automatically install dependencies via pip and include logic to read and base64-encode local files based on user-provided paths without sufficient validation, which could be exploited for local file disclosure if the agent is manipulated.