Back to skill
Skillv1.0.2
VirusTotal security
Table To Image · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:09 AM
- Hash
- 9245507c170d1974ebbab834c0d82d9d0be0ad2da04b7d83cc19c589a8de297c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: markdown-table-to-image Version: 1.0.2 The script `scripts/md2img.js` contains a shell injection vulnerability where command-line arguments (`width` and `outputFile`) are concatenated directly into an `execSync` call to `wkhtmltoimage`. While the tool's stated purpose of converting Markdown tables to images is legitimate, the lack of input sanitization allows for potential arbitrary command execution if the agent is prompted with malicious parameters. No evidence of intentional malware or data exfiltration was found.
- External report
- View on VirusTotal