Skill v1.0.0
VirusTotal security
Multimodal Asset Tagger · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:44 AM
- Hash: 22a83882adf999dac357a091e99a21b765d637cfb72adbaeb2d1aa55bb22a574
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: geo-multimodal-tagger; Version: 1.0.0. The `scripts/optimize_asset.py` file generates filenames from user-provided descriptions without adequate sanitization. While the script itself only prints to stdout, this creates a path traversal or command injection vulnerability if the OpenClaw agent or a downstream system uses the generated filename directly to create files or execute shell commands. The `SKILL.md` instructs the agent to execute this script with user-controlled input, making this a potential attack vector. There is no evidence of intentional malicious behavior like data exfiltration or persistence.
