Back to skill
Skillv1.0.0
VirusTotal security
115电影自动监控下载 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:06 PM
- Hash
- ca7f0373f1d16a74eda8b8b2bd5d2b94c359d4a45f18c3be038ab48807e64a7b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: movie-monitor Version: 1.0.0 The skill bundle automates movie monitoring and NAS management but exhibits several high-risk security vulnerabilities. Specifically, 'copy_and_rename_movies.py' explicitly disables SSL certificate verification (verify=False) during TMDB API requests and contains a hardcoded API key. The scripts also rely on hardcoded absolute file paths (e.g., /home/skyone/...) and use subprocess.run to execute external Node.js scripts, which could lead to command injection if paths are manipulated. While the behavior appears aligned with the stated purpose of media automation, the handling of sensitive 115.com authentication cookies in plaintext and the intentional bypassing of transport security are significant flaws.
- External report
- View on VirusTotal