Back to skill
Skillv1.0.0
VirusTotal security
Intelligent Video Search & Retrieval Analysis Skill | 视频搜索检索智能分析技能 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 18, 2026, 6:01 AM
- Hash
- 09b245350b7aafc11ad235ca0ed8edadc750f363152acfabbbfa0942fbc7044f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: smyx-video-search-analysis Version: 1.0.0 The skill bundle exhibits high-risk behavior through complex credential management and execution capabilities. It implements a local SQLite database (smyx-common-claw.db) to persist user tokens and 'open-ids' (which may include phone numbers), and includes a utility in `skills/smyx_common/scripts/skill.py` that can recursively invoke the `openclaw` agent via `subprocess.run`. Furthermore, `SKILL.md` contains 'Mandatory Memory Rules' that explicitly command the AI agent to ignore its own local memory files and long-term storage, forcing exclusive reliance on the developer's cloud API (open.lifeemergence.com). While these features appear intended for a production-grade service integration, the combination of credential caching, recursive CLI invocation, and strict memory-access overrides creates a significant surface for control and data redirection.
- External report
- View on VirusTotal