Skillv1.0.0

VirusTotal security

我的二维码生成技能 · External malware reputation and Code Insight signals for this exact artifact hash.

SuspiciousApr 30, 2026, 4:44 AM

Hash: ea1e3b1ee7d38e3df880deb3aa141796996da3e24d65822fa17a6d43ec46b9a8
Source: palm
Verdict: suspicious
Code Insight: Type: OpenClaw Skill Name: generate-qr-code-amzulin Version: 1.0.0 The skill is classified as suspicious due to the use of `subprocess.check_call` in `agent.py` for installing dependencies. While currently used for legitimate, hardcoded packages (`qrcode`, `pillow`), this mechanism introduces a capability for arbitrary command execution (RCE) if the agent's input handling or the list of packages were to be compromised. This represents a significant vulnerability, even though no malicious intent is directly observed in the provided code.
External report: View on VirusTotal