Skill v0.1.0

VirusTotal security

Telegram Multilingual Voice Reply · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review · Apr 30, 2026, 4:18 AM

Hash: 3f03800b3716118f996c0dd75c980838f0f1f8c3128623facf6cee7f28f4b892
Source: palm
Verdict: suspicious

Code Insight

Type: OpenClaw Skill
Name: telegram-multilingual-voice-reply
Version: 0.1.0

The `SKILL.md` file instructs the AI agent to execute `python3` scripts (`scripts/mlx_asr.py` and `scripts/mlx_tts_voice.py`) with arguments directly derived from user input (e.g., audio file paths, language, generated reply text). This creates a significant shell injection vulnerability if the OpenClaw agent does not rigorously sanitize or escape user-controlled input when constructing and executing these shell commands. While the Python scripts themselves use `subprocess.run` with lists (generally safer), the risk lies in how the agent constructs the initial command string, which could lead to arbitrary code execution on the host system.