Back to skill
Skillv0.1.0
VirusTotal security
Openclaw Skill Cutmv Video Tool · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:37 AM
- Hash
- 34cca5602e3b0f97b97d6963c355d0aec5ecc0d1e38e0bc7774bbbdd71337018
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-skill-cutmv-video-tool Version: 0.1.0 The skill is designed for legitimate video processing using FFmpeg. However, it contains significant vulnerabilities. The `skill.py` file uses `eval()` on `ffprobe` output in the `get_video_info` function, which is a critical RCE vulnerability if an attacker can craft a malicious video file to control `ffprobe`'s output. Additionally, the `add_subtitle` function directly interpolates the user-provided `style` parameter into an FFmpeg filter string, allowing for potential FFmpeg filter injection. While there is no evidence of intentional malicious behavior, these vulnerabilities could be exploited for harmful actions.
- External report
- View on VirusTotal