Back to skill
Skillv1.0.0
VirusTotal security
google-image-api-skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:57 AM
- Hash
- 228c39c7fabeadb7c036b4a2668deab2a12418e6cb398840b8e13bf044bff573
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: google-image-api-skill Version: 1.0.0 The skill is designed to interact with the BrowserAct Google Image API to extract structured image data. The Python script correctly retrieves the API key from environment variables and sends user-provided parameters as JSON data to the `api.browseract.com` endpoint. There is no evidence of data exfiltration beyond the stated purpose, unauthorized execution, persistence mechanisms, or obfuscation. The SKILL.md instructions are clear, align with the stated purpose, and do not contain any prompt injection attempts. A minor typo ('pyhon' instead of 'python') exists in the `SKILL.md` metadata, but this is a benign bug, not a security vulnerability or malicious indicator. The script itself is not vulnerable to shell injection from its command-line arguments, as they are used as data in an API request.
- External report
- View on VirusTotal