Back to skill
Skillv1.0.0
VirusTotal security
漫剧 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousMar 26, 2026, 1:56 PM
- Hash
- 54396bf8801e6337ef84c172388a4699ec3f455b198632649ba51a9095e76ff4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: libtv Version: 1.0.0 The skill bundle contains a potential arbitrary file read vulnerability in `libtv_qunqin.py`. The script accepts a user-provided `story_file` path and reads its full content without any path validation or sanitization, which could be exploited to exfiltrate sensitive local files if the agent is misdirected. Additionally, it relies on a non-standard third-party dependency `libtv` (version 0.3.2) specified in `requirements.txt`, which performs the core logic and should be verified for safety.
- External report
- View on VirusTotal