Back to skill
Skillv1.0.0
VirusTotal security
steampunk-transform-video-gen-seedance2-0 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 22, 2026, 7:16 PM
- Hash
- f0e027b97271ce97b6b3a6ce6a02862562caca3ece10362171fbc1ff93d8d08a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: steampunk-transform-video-gen-seedance2-0 Version: 1.0.0 The skill bundle contains a Node.js script (scripts/video_gen.js) that can read local files and upload them to an external API (api-growth-agent.weryai.com). While this behavior is disclosed in SKILL.md and resources/WERYAI_VIDEO_API.md as a feature for image-to-video generation, it constitutes a high-risk capability for data exfiltration. The script lacks strict validation to prevent reading non-image files if a path is provided to the 'image' parameter. Although no clear evidence of intentional malice was found, the ability to transmit local filesystem content to a remote endpoint (IOC: api-growth-agent.weryai.com) is a significant security concern.
- External report
- View on VirusTotal