Back to skill
Skillv1.0.0
VirusTotal security
Openai Whisper Api · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:00 AM
- Hash
- 5ff836cb938859d25922ce56efad9212ecdd4f4fc82703168d02b2a338129e8d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openai-whisper-api Version: 1.0.0 The skill is classified as suspicious due to a local file write vulnerability in `scripts/transcribe.sh`. The `--out` parameter allows the user to specify an arbitrary file path for the transcription output, which could lead to overwriting sensitive files (e.g., configuration files, startup scripts) if the user has write permissions to those locations. While the skill's primary purpose is legitimate, this lack of output path validation presents a significant security risk, potentially enabling data corruption or persistence if exploited by a malicious actor.
- External report
- View on VirusTotal