
VirusTotal security

SnapOG · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 29, 2026, 3:49 AM
Hash
963237cacb009b211c5217c926b4075a8757adfcdf5d4c9f4793fbaab9a5933b
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: snapog
Version: 1.0.0

The skill is designed to interact with the SnapOG API for image generation, requiring an API key. While the instructions in SKILL.md are descriptive and functional, the API's `/v1/generate` endpoint includes a `webhook_url` parameter. This parameter allows the agent to specify an arbitrary URL to POST to upon generation completion, presenting a significant prompt injection vulnerability. An attacker could potentially instruct the AI agent to use this feature to exfiltrate data or trigger actions on an attacker-controlled server, even though the skill itself does not explicitly instruct malicious use.