Back to skill
Skillv1.0.0
VirusTotal security
Pollinations Image Generator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:18 AM
- Hash
- c408aec2d2122bd9816548bc636454f5bfd2159e7b72db25ee1f2bce5c45ca92
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: pollinations-image Version: 1.0.0 The `generate.sh` script is classified as suspicious primarily due to its use of `eval` to execute the `curl` command for image generation. While attempts are made to sanitize inputs (e.g., URL encoding prompts, using `basename` for filenames), `eval` is a high-risk primitive that introduces a shell injection vulnerability if any part of the command string is not perfectly escaped or controlled. Additionally, the script attempts to load environment variables from `"$SCRIPT_DIR/../.env"`, which could inadvertently load an `.env` file from an unexpected parent directory, leading to unintended configuration or credential exposure. These are significant vulnerabilities, not clear malicious intent.
- External report
- View on VirusTotal