Back to skill
Skillv1.0.0
VirusTotal security
doubao-tts · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 26, 2026, 12:41 PM
- Hash
- 77e7d069cef7faca50dc8644f923a65bb57071037a8344d3f80cbc1347a40bc2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: doubao-tts-http Version: 1.0.0 The skill contains shell script logic in SKILL.md that is vulnerable to command injection. Specifically, the use of variables like '$save_path' and '$text' in shell commands and redirections lacks proper sanitization, which could allow an attacker to execute arbitrary commands if the agent processes malicious input. While the skill appears to legitimately implement Volcengine TTS (using the official endpoint openspeech.bytedance.com), the insecure handling of shell arguments constitutes a significant vulnerability.
- External report
- View on VirusTotal