Back to skill
Skillv0.2.1
VirusTotal security
phoenixclaw image gen · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:33 AM
- Hash
- d690e7d79edd34c257372a60b0691319a7d3ff2d5632b7aaae9a1378592b4dc9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: phoenixclaw-image-gen Version: 0.2.1 The skill bundle is classified as suspicious due to a critical data exfiltration vulnerability in `scripts/generate.js`. The `generateImageWithRetry` function reads the `inputImagePath` argument using `fs.readFileSync` without any path validation, allowing an attacker to specify arbitrary local file paths (e.g., `--input-image /etc/passwd`). The content of these files is then base64 encoded and sent to the OpenRouter API (`https://openrouter.ai/api/v1/chat/completions`) as part of the image generation request. While OpenRouter is a legitimate service, sending arbitrary system files to an external endpoint without explicit user consent or clear purpose constitutes a significant data exfiltration risk, stemming from a lack of input sanitization.
- External report
- View on VirusTotal