Back to skill
Skillv1.0.0
VirusTotal security
Talking Circle · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:59 AM
- Hash
- 6e1f2fcac1a3795531d15b7d7191773c6d3a5263a110906be2984918e6a7a352
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: talking-circle Version: 1.0.0 The skill is classified as suspicious due to a critical vulnerability: the `scripts/make_salute_text_to_video.py` script disables SSL certificate verification (`verify=False`) for API calls to SaluteSpeech (Sberbank) endpoints. This exposes sensitive credentials (`SALUTE_SPEECH_AUTH`) and data to potential Man-in-the-Middle (MITM) attacks. While the code's primary purpose is benign (video generation), this security flaw could lead to unauthorized access or data interception. Other `subprocess.run` calls appear to be safely constructed, and prompt injection risks against the image generation AI are a concern for the broader system rather than direct malicious intent within this skill's instructions.
- External report
- View on VirusTotal