Skill v1.4.0

VirusTotal security

PPT to Video (Report Video Generation) · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 10, 2026, 10:51 AM
Hash
4a1bb2c212502e7b58cffe10fa8e1e19d1778cfae1ce36677f9eeb04a07a78b7
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: ppt-to-video
Version: 1.4.0

The skill bundle contains multiple shell injection vulnerabilities in 'scripts/generate.js' and 'scripts/extract_ppt_text.py' due to the use of 'execSync' and 'subprocess.run' with unsanitized string concatenation for shell commands. While the code's logic aligns with its stated purpose of converting presentations to videos using tools like ffmpeg and libreoffice, the lack of proper input escaping for file paths and TTS text (processed via edge-tts) poses a significant RCE risk. The script also relies on hardcoded absolute paths (e.g., '/home/Vincent/'), which is a security anti-pattern.