Back to skill
Skillv1.0.1
VirusTotal security
Mimimax Voice Clone +TTS · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:34 AM
- Hash
- 154d7b0b417cb0dfca6c0bf10e1b81dd4549508eb9305bb414806b2af869996c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: voiceclone Version: 1.0.1 The skill provides voice cloning and TTS capabilities using the MiniMax API (api.minimax.io). A security vulnerability exists in `scripts/minimax_voice_clone_tts.py` within the `update_skill_registry` function, which implements a 'write-back' feature to persist voice mappings into `SKILL.md`. This function lacks input sanitization for the `display_name` and `voice_id` parameters, allowing for indirect prompt injection by inserting malicious markdown instructions into the skill's documentation. While the behavior is documented and aligned with the skill's stated purpose, the self-modifying nature of the instructions poses a high-risk surface for attacking the AI agent.
- External report
- View on VirusTotal