Back to skill
Skillv0.1.1
VirusTotal security
Media Orchestrator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 3:32 AM
- Hash
- 9c5417d6b9bc5f773262d3b80f28c9279c9cc7d3ecb54484808d54c1db500d13
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: media-orchestrator Version: 0.1.1 The skill is designed to resolve, download, and deliver media using `yt-dlp` and a local `spotify-surface` script. The `orchestrator.py` script uses `subprocess.run` to execute necessary tools (`yt-dlp`, `openclaw message`, `python3 spotify_surface.py`) but passes user-controlled inputs as distinct arguments in lists, mitigating shell injection risks. File operations are confined to the OpenClaw workspace. The `SKILL.md` contains no prompt injection attempts. While the term 'Zero-Auth scraping' for Spotify metadata is noted, its stated purpose is local metadata resolution, not exfiltration, and the implementation delegates to a local script without showing malicious intent in the provided files.
- External report
- View on VirusTotal