Back to skill
Skillv1.0.6
VirusTotal security
seedream(doubao)-image-generation · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:33 AM
- Hash
- 8991eba99ae72c304317cb93090aebf30080e5a13af5f0b15e312edfc5399578
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: seedream-image-generation Version: 1.0.6 The skill provides image generation via the Volcengine Seedream API but includes high-risk capabilities for arbitrary file read and write access. The scripts `seedream.py` and `seedream.js` can read any local file to convert it to base64 for API requests (intended for Image-to-Image tasks) and can write downloaded images to any local directory specified by the user or agent. While these features are aligned with the stated purpose, the lack of path sanitization or sandboxing creates a vector for data exfiltration or unauthorized file modification if the agent is misdirected. No evidence of intentional malice or hidden exfiltration was found.
- External report
- View on VirusTotal