Back to skill
Skillv1.0.0
VirusTotal security
Azure Image Gen · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:02 AM
- Hash
- a499943b817fb7cdffd7e43b49606bdf84fec980906c2e5e9570e39dafb9aa5e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: azure-image-gen Version: 1.0.0 The skill bundle is designed for legitimate Azure DALL-E image generation. However, the `scripts/generate.py` file contains a Cross-Site Scripting (XSS) vulnerability in the `create_gallery_html` function, where the user-provided or API-revised prompt is embedded directly into the `index.html` without sanitization, allowing for potential script execution when the HTML file is viewed. Additionally, the `--out-dir` argument allows writing files to an arbitrary path, which could be abused for path traversal if the agent is instructed to specify a sensitive directory. These are vulnerabilities, not evidence of intentional malicious behavior by the skill itself.
- External report
- View on VirusTotal