Skill v1.0.1
VirusTotal security
Telnyx Stt · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review · May 1, 2026, 3:46 AM
- Hash: 114e15f88389818ba547cf081f38821c656d6a4f5064ac6acb187cc853731ea2
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: telnyx-stt. Version: 1.0.1. The skill is classified as suspicious due to an arbitrary file read vulnerability in `scripts/telnyx-stt.py`. The script takes an `audio_path` as input and reads the file at that path without validation, then sends its content to the legitimate Telnyx API. While the script's intent is to process audio, an attacker could exploit this by providing a path to a sensitive file (e.g., `/etc/passwd`, `~/.ssh/id_rsa`), causing its contents to be read and transmitted to `https://api.telnyx.com`. This constitutes a significant data exposure risk, even though the data is not exfiltrated directly to an attacker-controlled server; there is no clear evidence of intentional malicious behavior by the skill's author.
