Back to skill
Skillv1.0.2
VirusTotal security
Generate Mindmap · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:34 AM
- Hash
- 784c9d76fea8d23dbe5883d8e7f5e58dab858b48f92ea129931436c423abbd9b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: generate-mindmap Version: 1.0.2 The mind map generation skill contains risky capabilities and a potential security vulnerability. The script `generate_mindmap.py` automatically executes `pip install pillow` if the library is missing, which is a high-risk behavior as it involves shell execution and network access to fetch external code. Additionally, the script generates interactive HTML files by embedding user-provided JSON data into a JavaScript variable using `json.dumps` without escaping the forward slash character, making it vulnerable to Cross-Site Scripting (XSS) if a node label contains a closing script tag (e.g., `</script>`). While the `SKILL.md` contains extensive instructions to guide the AI's output quality, no evidence of intentional malice or data exfiltration was found.
- External report
- View on VirusTotal