Back to skill
Skillv1.0.0
VirusTotal security
ffmpeg剪辑大师 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 4, 2026, 3:32 PM
- Hash
- 1d7d146876460be6a2794ff5c7c9cbc69f8dd78d35ee34d5eb8cc4e027a3f95c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ffmpeg-multimedia-editing Version: 1.0.0 The skill bundle provides a comprehensive set of multimedia editing tools using FFmpeg, but it contains several security vulnerabilities. Specifically, scripts like `video_watermark.py` and `video_subtitle.py` construct FFmpeg filter strings by interpolating user-provided arguments (such as `--text`, `--font-color`, and `--style`) without adequate sanitization, which could lead to FFmpeg filtergraph injection. Furthermore, `video_watermark.py` uses the `movie` filter with user-controlled paths, a known risk for unauthorized file access in FFmpeg. The scripts also specify an unusual requirement for a future Python version (`>=3.14`) in their metadata. While the behavior aligns with the stated purpose and lacks clear evidence of intentional malice, these vulnerabilities pose a risk if the agent is manipulated via prompt injection.
- External report
- View on VirusTotal