Back to skill
Skillv0.3.0
VirusTotal security
LinkMind Capture · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 4, 2026, 4:46 PM
- Hash
- 6b5b12c9c8e26fc3a8593c69e0e6cab4d5d3e6b98916366c7b079a6a1e096543
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: linkmind-capture Version: 0.3.0 The skill bundle provides a sophisticated workflow for archiving social media content into an Obsidian vault, utilizing high-risk capabilities such as shell command execution (for `yt-dlp` and `ffmpeg`), browser automation via Chrome DevTools Protocol (`chrome-cdp.ts`), and extensive filesystem access. It handles sensitive user credentials, including platform cookies and ASR API keys (OpenAI/iFlytek), which are stored in `.env` files. While the scripts and the detailed `SKILL.md` instructions appear strictly aligned with the stated purpose of scraping and transcribing content, the combination of broad permissions (Shell, Read, Write, Network) and the complexity of the execution flow represents a significant attack surface. No evidence of intentional malice or data exfiltration was found.
- External report
- View on VirusTotal