Back to skill
Skillv1.0.0
VirusTotal security
MiniMax Media Generator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 16, 2026, 11:11 AM
- Hash
- 3621c34fb1a5dffa91ad0a59c9deed9555d180388aa59978c75c5c985609c037
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: rocky-minimax-media Version: 1.0.0 The skill bundle contains multiple security vulnerabilities and poor practices. Specifically, `generate.sh` and `scripts/minimax.sh` are vulnerable to shell command injection because user-provided prompts and filenames are used directly within shell commands without sanitization. Additionally, `generate.sh` contains a hardcoded MiniMax API key and hardcoded absolute file paths (`/Users/rocky/Desktop`), which are characteristic of unvetted development scripts. While these issues allow for potential exploitation, there is no clear evidence of intentional malice or data exfiltration.
- External report
- View on VirusTotal