Back to skill
Skillv0.1.0
VirusTotal security
ImageRouter · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:20 AM
- Hash
- a63099ebb53e188e0bed9516107c11131438fc1af7369063274e0235cfbdb186
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: image-router Version: 0.1.0 The skill uses `curl` to interact with the ImageRouter API, including examples that demonstrate uploading local files (e.g., `image[]=@/path/to/your/image.webp`) for image-to-image functionality. While this capability is described as necessary for the skill's stated purpose, it represents a high-risk feature. The ability to read and upload arbitrary local files via `curl` could potentially be exploited through prompt injection to exfiltrate sensitive data from the agent's environment to `api.imagerouter.io`, even though the skill itself does not explicitly instruct such malicious behavior. This risky capability is present in `SKILL.md`.
- External report
- View on VirusTotal