Back to skill
Skillv0.1.4
VirusTotal security
Douyin Video Analysis · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 6:20 AM
- Hash
- e8705dd4ffc0b7bc75d002e44b0d7fae5080a202fc49bdfe36a43dfc099fab01
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: douyin-video-analysis Version: 0.1.4 The skill bundle implements a complex pipeline for scraping Douyin, downloading audio, and transcribing it. While the behavior aligns with the stated purpose, it performs several high-risk actions: it extracts active browser cookies and User-Agent strings via a Chrome bridge (`douyin_grab.py`), uses `subprocess.run` to execute shell commands with web-derived data, and relies on hardcoded absolute paths for a specific user profile (`/Users/bobzhong/`). These capabilities, particularly the programmatic extraction of browser cookies and the potential for command injection, represent significant security and privacy risks that warrant a suspicious classification despite the lack of clear evidence of intentional malice.
- External report
- View on VirusTotal