Back to skill
Skillv1.0.3
VirusTotal security
Sih.AI Photo Changer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:07 AM
- Hash
- 183e1fd57f6844518339ff7cab052570513c3433a099742d827fa301fb79aa76
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: sih-ai-photo-changer Version: 1.0.3 The skill bundle contains a hardcoded API bearer token in `scripts/image_gen.py`, which is a significant security risk. Furthermore, the script lacks input validation for the local file path provided in the `image_input` argument; this could be exploited via prompt injection to trick the agent into reading and exfiltrating sensitive local files to the external API endpoint (api.vwu.ai) by encoding them as base64 'images'.
- External report
- View on VirusTotal