Back to skill
Skillv1.0.0
VirusTotal security
BizyAir API出图 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:24 AM
- Hash
- 097683fa4c2a7b9911bd2bdd5efdb4c5f25b8640eca5bffd5566305afdfe0662
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: bizyair-images Version: 1.0.0 The skill facilitates image generation via the BizyAir API (api.bizyair.cn) but is classified as suspicious due to significant shell injection risks. The instructions in SKILL.md direct the AI agent to construct and execute bash 'curl' commands by directly embedding unsanitized user-provided inputs (such as prompts, dimensions, and web_app_ids) into command strings. Furthermore, the skill explicitly offers to perform local file system operations (batch downloading images to user-specified paths) and requires access to the BIZYAIR_API_KEY environment variable, which could be compromised if the shell injection vulnerability is exploited.
- External report
- View on VirusTotal