Back to skill
Skillv1.0.1
VirusTotal security
Web2Labs Studio · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:29 AM
- Hash
- 934ca0b4400532cc39dd25ac7674739bef2979a5c251537e5934082907abb9d0
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: web2labs-studio Version: 1.0.1 The OpenClaw Studio skill is designed with strong security controls, explicitly addressing common attack vectors. It prevents credential leakage by stripping authentication headers for non-Web2Labs domains (`src/lib/api-client.mjs`), sanitizes remote filenames to prevent path traversal during downloads (`src/tools/download.mjs`), and uses `execFileAsync` for `yt-dlp` execution with carefully constructed arguments to mitigate shell injection risks (`src/lib/downloader.mjs`). API keys are stored locally with restricted permissions (`~/.openclaw/openclaw.json`, `chmod 600`). The `SKILL.md` instructions guide the AI agent in a safe and cost-aware manner, reinforcing guardrails against misuse. There is no evidence of intentional harmful behavior, obfuscation, or unauthorized data exfiltration.
- External report
- View on VirusTotal