Back to skill
Skillv1.0.0
VirusTotal security
Download-video-tiktok · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:38 AM
- Hash
- 1cfdc229efb019664a9df2f3b58ad58bd7c8df7facc75365daa98966d11b7d30
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: download-video-tiktok Version: 1.0.0 The skill bundle is designed to download TikTok videos using yt-dlp, which is a legitimate function. However, it is classified as 'suspicious' due to instructions in `SKILL.md` and `advanced.md` that pose significant security risks. Specifically, the skill instructs the AI agent to use `yt-dlp`'s `--cookies-from-browser` option, which could expose sensitive browser cookies if the agent's environment is not properly sandboxed. Additionally, the skill suggests using `apt-get install ffmpeg -y`, implying the agent might operate with root/sudo privileges, presenting a privilege escalation risk. These capabilities, while intended for legitimate use cases (e.g., accessing private content), introduce critical vulnerabilities if exploited via prompt injection or an insecure agent setup.
- External report
- View on VirusTotal