Back to skill
Skillv0.1.0
VirusTotal security
Comfy Story Video · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 8:27 AM
- Hash
- 8559adbf821cfbf2f57fe708a243138b4c739a5165639b32603987269ecdc84c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: comfy-story-video Version: 0.1.0 The skill contains a significant shell injection vulnerability in 'scripts/generate_story_video.py' due to the use of 'os.system()' to execute 'say' and 'ffmpeg' commands with unsanitized input derived from the '--theme' argument. While the code's logic appears aligned with its stated purpose of generating children's stories via ComfyUI (http://127.0.0.1:8188), the lack of input validation allows for arbitrary command execution if a malicious theme string is provided. No evidence of intentional malice, data exfiltration, or persistence was found.
- External report
- View on VirusTotal