Back to skill
Skillv1.0.2
VirusTotal security
UGC Manual · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 3:48 AM
- Hash
- cbeb5cd8e6e66dc5a6271d64efeb043bd1d60e34c9f0808b511976aa48380d82
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: ugc-manual Version: 1.0.2 The skill bundle is benign. The `SKILL.md` provides clear instructions for generating lip-sync videos using an image and audio, and does not contain any prompt injection attempts against the AI agent. The `scripts/generate.py` Python script implements this functionality by interacting with the `https://api.comfydeploy.com` API for file uploads, workflow queuing, and video downloads. It also uses `subprocess.run` to execute the `ffmpeg` command for audio conversion, which is explicitly mentioned in the documentation and implemented safely using a list of arguments, mitigating shell injection risks. All network and file system operations are directly related to the skill's stated purpose, and there is no evidence of malicious intent such as data exfiltration, unauthorized remote execution, or persistence mechanisms.
- External report
- View on VirusTotal