Tvscreener
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: tvscreener Version: 1.0.0 The skill bundle is classified as suspicious due to an arbitrary file write vulnerability. The scripts `scripts/custom_query.py` and `scripts/query_symbol.py` both accept a `--csv` argument, which allows a user to specify an arbitrary file path to write the query results. This could be exploited to overwrite sensitive files on the system if the agent has sufficient permissions. There is no evidence of malicious intent such as data exfiltration, backdoor installation, or prompt injection against the agent to perform unauthorized actions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the wrapper may change the local Python environment by installing the latest available tvscreener package.
The wrapper can install or upgrade the external `tvscreener` package automatically if the import check fails, and the version is not pinned.
"$PYTHON_BIN" - <<'PY' >/dev/null 2>&1 || "$PYTHON_BIN" -m pip install -q -U tvscreener
Use a virtual environment and consider pinning or reviewing the tvscreener package version before relying on the wrapper.