Back to skill
Skillv0.2.5
VirusTotal security
Video Sourcing · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:27 AM
- Hash
- ad39810b986c5fa948042de18b035099e70417eb5d0c4e08465caf1473910732
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: video-sourcing Version: 0.2.5 The skill requires host runtime execution (sandbox off) and performs automated bootstrapping by cloning and executing code from an external GitHub repository (Memories-ai-labs/video-sourcing-agent) via the script run_video_query.sh. While the logic appears aligned with its stated purpose of video sourcing, the practice of downloading and running unverified remote payloads on the host with access to sensitive environment variables (GOOGLE_API_KEY, YOUTUBE_API_KEY) is a high-risk pattern that could be exploited if the remote repository is compromised.
- External report
- View on VirusTotal