Back to skill
Skillv1.5.2
VirusTotal security
Medeo Video · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 8, 2026, 7:21 AM
- Hash
- 955ba3bdb915b81118cb9e20ba16d0c1e5dd85ffa26909d594762b35873895f5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: medeo-video Version: 1.5.2 The skill bundle provides legitimate video generation features but employs high-risk patterns and broad permission requests. Specifically, SKILL.md and scripts/feishu_send_video.py instruct the AI agent to read the master OpenClaw configuration file (~/.openclaw/openclaw.json) to extract sensitive third-party credentials (appId/appSecret). Additionally, medeo_video.py implements prompt manipulation by prepending a hidden 'TIMELINE_INSTRUCTION' to user inputs to control the backend AI's behavior. While these actions are aligned with the stated goal of multi-platform delivery, the practice of having an agent programmatically parse its own master secret store and manipulate user prompts is a significant security risk.
- External report
- View on VirusTotal