Back to skill
Skillv0.1.0
VirusTotal security
Music Search · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:35 AM
- Hash
- 000745f7290586e044784b1986228ecd6e2fcce2aad589942017d95dac60ea59
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: music-search Version: 0.1.0 The skill provides music search functionality by scraping cloud drive links from search engines and resource pages. It exhibits high-risk behaviors including the automatic installation of Python dependencies via pip (supply chain risk) and the ability to fetch arbitrary URLs via the 'resolve' command in music-search.js, which could be leveraged for SSRF. While these capabilities are plausibly needed for the stated purpose of deep-scraping music resources and the code lacks evidence of intentional malice or data exfiltration, the broad permissions and execution of external commands meet the criteria for a suspicious classification.
- External report
- View on VirusTotal