Back to skill
Skillv1.0.0
VirusTotal security
volcengine-video-generate · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:39 AM
- Hash
- a7221277ad3e50549b1e6cb518a8df55b5709c9689dbe94bc83cbb8127848cb6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: volcengine-video-generate Version: 1.0.0 The `scripts/video_generate.py` script exhibits risky capabilities by allowing the reading of arbitrary local files (via the `first_frame_image` argument) and sending their base64 encoded content to the Volcengine API. Additionally, it permits writing the generated video to an arbitrary local path (via the `filename` argument), including creating directories. While these actions are plausibly needed for the skill's stated purpose (using local images and saving videos locally), they introduce a significant risk of data exfiltration or arbitrary file writes if an attacker can manipulate the input arguments, for example, through prompt injection against the executing agent.
- External report
- View on VirusTotal