Back to skill
Skillv1.0.1
VirusTotal security
Ultimate AI Media Generator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:12 AM
- Hash
- b73aff82ddf57ef7108f116d1e33da63918addead1d2d56c4afa83e0cd77fa7f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ultimate-ai-media-generator Version: 1.0.1 The skill provides a functional CLI and API wrapper for the CyberBara AI media generation service. It is classified as suspicious due to the high-risk 'auto-open' functionality implemented in `src/cyberbara_cli/usecases/media_output.py`, which automatically executes system-level commands (`open`, `xdg-open`, or `cmd /c start`) on files downloaded from the remote API. While this behavior is explicitly documented in `SKILL.md` as a feature, it introduces a potential Remote Code Execution (RCE) vector if the remote service (cyberbara.com) were compromised or returned malicious payloads. Additionally, the `raw` command in `src/cyberbara_cli/cli.py` allows the agent to perform unconstrained HTTP requests to the base domain, which increases the attack surface.
- External report
- View on VirusTotal