Back to skill
Skillv1.0.0
VirusTotal security
Alibaba Ai Video Wan Video · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 28, 2026, 2:21 AM
- Hash
- b6545365e34afb68a24e3a94731c05897fe34e03412d2bf293ba8ccba0aa5dec
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: alibaba-ai-video-wan-video Version: 1.0.0 The skill bundle contains a hardcoded Alibaba DashScope API key (sk-96743cd524f74354867007c0207df7b8) within both scripts/generate-video.sh and scripts/wanx-video.sh, which is a major security vulnerability. While the scripts appear to perform their stated function of video generation, the inclusion of hardcoded credentials and the lack of shell argument escaping when constructing JSON payloads for curl (potential injection) pose a risk. No evidence of intentional data exfiltration or malicious backdoors was found, but the poor security practices warrant a suspicious classification.
- External report
- View on VirusTotal