Back to skill
Skillv1.0.0
VirusTotal security
subtitle-refiner · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:33 AM
- Hash
- 45252a7fe6355cbc33baeac132a99999a32f7b71e054de30373d1c50b9c1a596
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: subtitle-refiner Version: 1.0.0 The skill is functional and performs its stated task of subtitle refinement; however, it contains a significant security flaw in `scripts/refine.py`. The script explicitly prints the sensitive `SILICONFLOW_API_KEY` to `stderr` during the `call_siliconflow_api` function for debugging purposes. While this appears to be a verbose logging practice rather than intentional malice, it results in the leakage of API credentials into process logs, meeting the criteria for a 'suspicious' classification due to high-risk vulnerability.
- External report
- View on VirusTotal