Back to skill
Skillv1.0.0
VirusTotal security
Voice Wake Say · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 15, 2026, 3:16 AM
- Hash
- 6472fd9705b1b2bcc9ce2857935ee5fc0ab4b5a53f4def3c034ccb47bcc0259d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: quincy-voice-wake-say Version: 1.0.0 The skill instructions in SKILL.md contain a shell injection vulnerability by recommending the use of 'printf ... | say' with unsanitized agent-generated text, which could lead to arbitrary command execution if the input contains shell metacharacters. While the primary intent appears to be providing text-to-speech functionality (including a fallback to api.heybossai.com), the insecure command construction poses a significant risk.
- External report
- View on VirusTotal