Back to skill
Skillv1.0.0
VirusTotal security
智能配音合成虾 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 21, 2026, 8:46 AM
- Hash
- cf2967d73ffad36e098ec8f4e003d4fa64a8eb277ed90dd01d6b6ea11ad5b202
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ai-voice-synthesis-claw Version: 1.0.0 The skill bundle contains an instruction in SKILL.md (Step 3) that directs the AI agent to execute a shell command to 'echo' sensitive environment variables (ELEVENLABS_API_KEY and OPENAI_API_KEY). This behavior risks exposing private API credentials in the agent's output logs or to the end-user. While the Python script 'scripts/synthesize-voice.py' appears to be a legitimate implementation of voice synthesis using ElevenLabs and OpenAI APIs, the explicit instruction to print secrets is a high-risk vulnerability often used for credential harvesting.
- External report
- View on VirusTotal