Back to skill
Skillv1.0.0
VirusTotal security
Yandex Speechkit STT via Telegram Gateway · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:56 AM
- Hash
- a26b7c8abb41ea4dbe64b696a5fea7182db3484d879c1848f65bbadb6027bd43
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: yandex-speechkit-stt Version: 1.0.0 The skill is designed to process voice messages via Yandex SpeechKit and send the recognized text back to the OpenClaw platform. It is classified as 'suspicious' due to the use of `subprocess.run` in `scripts/voice_processor.py` to execute `openclaw message send` with user-controlled recognized text as an argument. This presents a potential shell/argument injection vulnerability if the `openclaw` binary or the underlying OpenClaw platform does not adequately sanitize or escape the `--message` argument, which could lead to remote code execution or prompt injection against the agent. While the intent of the skill is benign, this interaction point represents a significant vulnerability.
- External report
- View on VirusTotal