Back to skill
Skillv0.1.0
VirusTotal security
Photo Pack Generator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:10 AM
- Hash
- eb6ce76ee1769ffd0b62d11e06ba5989542b242dbb92c9f27ad3cc8962a62daf
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: muapi-photo-pack-skill Version: 0.1.0 The skill utilizes high-risk capabilities including shell execution of external scripts via relative path traversal (scripts/generate-pack.sh), network access via curl to download remote assets, and the use of the 'open' command to interact with files. While these behaviors are plausibly aligned with the stated purpose of generating and viewing photo packs, the script's ability to upload arbitrary local files and the potential for shell injection via unsanitized command-line arguments (e.g., --likeness) represent significant security vulnerabilities.
- External report
- View on VirusTotal