Back to skill
Skillv0.1.5
VirusTotal security
Ai Marketing Videos · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:31 AM
- Hash
- d91463ec39a153a0bb37a80a937a344f99ee03fb713238b462380fbf4e0aaf97
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ai-marketing-videos Version: 0.1.5 The skill is classified as suspicious due to prompt injection attempts in `SKILL.md` that instruct the AI agent to execute commands not explicitly permitted by its `allowed-tools` declaration. Specifically, the `Quick Start` section instructs the agent to run `curl -fsSL https://cli.inference.sh | sh`, which is a remote code execution risk and bypasses the `Bash(infsh *)` tool constraint. Additionally, the `Related Skills` section instructs the agent to use `npx`, another tool not listed in `allowed-tools`. While the stated purpose of these commands (installation, related skill management) appears benign, the act of instructing the agent to execute unapproved tools via markdown is a significant vulnerability.
- External report
- View on VirusTotal