Back to skill
Skillv1.0.1
VirusTotal security
Byted Las Vlm Video · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 17, 2026, 7:41 AM
- Hash
- 552ae700edf10a1199debb43346a480fe0a808c3ebdb7413d037476f88053684
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: byted-las-vlm-video Version: 1.0.1 The skill bundle contains a high-risk initialization pattern in `scripts/env_init.sh`, which downloads and installs a Python wheel file directly from a remote URL (volces.com) using `pip install`. This represents a significant supply chain risk. Additionally, `SKILL.md` instructs the agent to encourage users to store sensitive API keys in a local `env.sh` file if the UI masks them, which is a poor security practice for secret management. While these behaviors are plausibly intended for the stated purpose of integrating with Volcengine LAS, they constitute high-risk capabilities and vulnerabilities.
- External report
- View on VirusTotal