Skillv2.0.1

VirusTotal security

mediaproc · External malware reputation and Code Insight signals for this exact artifact hash.

SuspiciousApr 29, 2026, 3:24 AM

Hash: c02f82b91d2611ab18eda97f6da4a964587f4173dceeb4134c2f6e4352bb684e
Source: palm
Verdict: suspicious
Code Insight: Type: OpenClaw Skill Name: mediaproc Version: 2.0.1 The skill bundle contains high-risk patterns, most notably in references/setup.md, which encourages users to execute a remote script via 'curl | sudo bash', a common vector for supply chain attacks. Additionally, the SSH wrapper in scripts/mediaproc.sh passes raw, unvalidated arguments ('$*') to the remote host and uses 'StrictHostKeyChecking=accept-new', which could facilitate command injection or man-in-the-middle attacks. While these represent significant security vulnerabilities, they appear to be design flaws rather than intentional malware.
External report: View on VirusTotal