Back to skill
Skillv1.0.0
VirusTotal security
Mermaid Image Uploader · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 5:12 AM
- Hash
- 013a82d3e25013a6ca7a262f171512b9f08c7358a67292e8719c517bd236ad87
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: mermaid-image-uploader Version: 1.0.0 The skill bundle is designed to convert Mermaid diagrams and upload them to image hosting services. All network requests are directed to legitimate image hosts (freeimage.host, postimages.org, imgur.com) or diagram rendering services (kroki.io, cdn.jsdelivr.net). The use of `subprocess.run` in `mermaid_converter.py` is implemented with temporary files and argument lists, mitigating common shell injection risks. A public API key for FreeImage.host is hardcoded in `image_host_uploader.py`, which is a minor bad practice but not malicious given its public nature and explicit comment. No evidence of data exfiltration, persistence, or prompt injection against the agent was found in any files.
- External report
- View on VirusTotal