Back to skill
Skillv1.0.0
VirusTotal security
Taizi Alicloud Ai Image · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:32 AM
- Hash
- d76fed7ec858f19ab80c8ffb09216c488e759c4ea79bb64480a808a6915fd620
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: taizi-alicloud-ai-image Version: 1.0.0 The skill facilitates image generation via Alibaba Cloud's DashScope SDK but contains high-risk behaviors and a vulnerability. The script `scripts/generate_image.py` automatically searches for and reads sensitive API keys from `~/.alibabacloud/credentials`. Additionally, the `resolve_reference_image` function allows for arbitrary local file reads by checking if a provided string is a file path and reading its bytes without sanitization; this could be exploited to exfiltrate sensitive files (e.g., SSH keys) to the model provider's API if the `reference_image` parameter is manipulated.
- External report
- View on VirusTotal