Back to skill
Skillv1.0.0
VirusTotal security
Article to Infographic · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:28 AM
- Hash
- 33f396b5b3d10fcea9f2cbf64dacb3536ce73c1e69331c803347ddc92cd3913d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: article-to-infographic Version: 1.0.0 The skill is classified as suspicious due to the `scripts/html_to_png.py` file using `subprocess.check_call` to install `playwright` and `chromium`. While this is done for the legitimate purpose of enabling PNG export, the ability to execute arbitrary commands for dependency installation represents a significant vulnerability risk (potential RCE) if the skill's environment is not adequately sandboxed or if the dependency source were compromised. There is no evidence of malicious intent such as data exfiltration or backdoor installation, and the `SKILL.md` actively implements defensive measures against prompt injection by enforcing strict user confirmation steps.
- External report
- View on VirusTotal