Back to skill
Skillv1.0.0
VirusTotal security
cutmv Video Tool · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:35 AM
- Hash
- b6b8adced85a41ebd82194fc176ccf8c26db89e54323996fe74f751dd9d81e43
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cutmv-video-tool Version: 1.0.0 The `skill.py` file contains critical vulnerabilities. Most notably, the `get_video_info` method uses `eval()` on the `r_frame_rate` value obtained from `ffprobe` output. This creates a Remote Code Execution (RCE) vulnerability, as a specially crafted video file could embed malicious Python code in its metadata, which would then be executed. Additionally, the `add_subtitle` method directly inserts user-provided `subtitle_file` and `style` parameters into FFmpeg filter strings without proper escaping, leading to potential FFmpeg filter injection. Path traversal is also possible as input/output file paths are used directly without sanitization. These are severe vulnerabilities that could be exploited, classifying the skill as suspicious.
- External report
- View on VirusTotal