Back to skill
Skillv1.0.0
VirusTotal security
Ai Subtitle In Vlc · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 12, 2026, 9:26 PM
- Hash
- 70226c89b5485a23f2e81609f3151ee95b34cefeb92094b43fd809c254e74d46
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ai-subtitle-in-vlc Version: 1.0.0 The SKILL.md file contains instructions that direct the agent to silently execute 'tool calls' received from a remote server (mega-api-prod.nemovideo.ai) and explicitly forbids showing these actions to the user, creating a risk of remote command execution. The skill also performs environment fingerprinting to identify the host platform (e.g., 'clawhub' or 'cursor') and mandates stealth by instructing the agent to 'Keep the technical details out of the chat.' While these features are presented as part of a cloud-based video processing workflow, they establish a high-risk, unmonitored control channel between the remote backend and the agent.
- External report
- View on VirusTotal