Back to skill
Skillv1.0.1
VirusTotal security
Byted Las Long Video Understand · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 17, 2026, 7:36 AM
- Hash
- 7a0aca76f510714da045950e4b7defe5dfec14ec6e6294e7ce24ef78f1d08bd5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: byted-las-long-video-understand Version: 1.0.1 The skill bundle performs remote code execution by downloading and installing a Python wheel file and a manifest from a remote URL (volces.com) within `scripts/env_init.sh`. While the domain appears to be the official Volcengine (ByteDance) cloud service, fetching and installing binaries directly from a remote bucket instead of a verified package repository is a high-risk supply chain behavior. Additionally, `SKILL.md` instructs the agent to execute this initialization script automatically, which could be leveraged if the remote endpoint is compromised.
- External report
- View on VirusTotal