Back to skill
Skillv0.1.1
VirusTotal security
Ai Director · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:19 AM
- Hash
- 1a0b71cb75ca06a0da4a876e585a4501ffc874513e10f2702d4eb7fa2116544c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ai-director Version: 0.1.1 The skill bundle provides a complex integration for AI video generation but contains significant security vulnerabilities and broken logic. Specifically, 'ad-account-manager.js' includes a function 'updateAccountAndSync' that attempts to write credentials to undefined file paths and execute an undefined sync script, which indicates risky credential management practices. Furthermore, 'auto-iterate.js' is vulnerable to shell injection as it passes user-controlled prompts directly into 'execSync' calls. While these issues appear to be unintentional bugs or poor architectural choices rather than deliberate malware, they create a high-risk environment for prompt injection and unauthorized command execution.
- External report
- View on VirusTotal