Back to skill
Skillv1.0.0
VirusTotal security
Morfeo UGC Engine · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:27 AM
- Hash
- a2189cc936ecd121c8bdc56d359d3ef20d1344933325f63f0c6ce84e9fda9f5f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: morfeo-ugc-engine Version: 1.0.0 The skill bundle provides instructions for an AI agent to manage a local video generation pipeline using shell commands (curl, pm2, ls) and a local API. It contains hardcoded administrative credentials ('morfeo-admin-2026') and lacks input sanitization in the shell command templates within SKILL.md, which could be exploited for command injection. While the capabilities are aligned with the stated purpose of the 'Morfeo UGC Engine,' the reliance on shell execution and hardcoded secrets represents a significant security risk.
- External report
- View on VirusTotal