Back to skill
Skillv1.0.0
VirusTotal security
Openrouter Image Generation · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:36 AM
- Hash
- df808cf869ba1e358fb53a052a102ec7728e27e5b445ee3f1b4d1d1eb819603a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openrouter-image-generation Version: 1.0.0 The skill is classified as suspicious due to critical vulnerabilities in `scripts/generate_image.py`. It allows for Local File Inclusion (LFI) by reading arbitrary files specified by `--input-image` and sending their base64-encoded content to the OpenRouter API. Furthermore, it is vulnerable to Local File Write (LFW) and path traversal, as it writes generated images to an unsanitized path specified by `--filename`, potentially allowing an attacker to write files to arbitrary locations on the filesystem. While the `SKILL.md` does not contain malicious prompt injection, it exposes these vulnerable parameters to the agent, which could lead to shell injection if the agent's command execution is not properly sanitized.
- External report
- View on VirusTotal