Back to skill
Skillv1.0.2
VirusTotal security
Fast Image · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:16 AM
- Hash
- 02e5cdd7418cb07ddf5cfce42fa3cad3ae554ca77215ec66d711e97935dc734f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: fast-image Version: 1.0.2 The skill `fast-image` is classified as suspicious due to a shell injection vulnerability in `send_image.mjs`, where `child_process.spawn` is invoked with `shell: true` using unsanitized user-provided arguments. This allows for arbitrary command execution if parameters such as `target` or `message` contain shell metacharacters. Additionally, the script lacks path validation for the `image_path` parameter, which could be exploited to read and exfiltrate sensitive local files.
- External report
- View on VirusTotal