Back to skill
Skillv1.0.4
VirusTotal security
Hitpaw Image Enhancer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 5:27 AM
- Hash
- 251805375120829585c1a1c10ff9a2d5b4c80c845fd4e6fa13e046b7bc9b7ee5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: hitpaw-image-enhancer Version: 1.0.4 The skill bundle contains several technical anomalies that suggest high risk or poor supply chain integrity. Most notably, the `package-lock.json` references a non-existent version of the `axios` library (v1.13.6, whereas the current stable release is v1.7.x), which is a common indicator of dependency confusion or a tampered supply chain. Additionally, `src/video-cli.js` contains unaddressed git merge conflict markers (e.g., '<<<<<<< HEAD'), indicating the code was published in an unstable or improperly reviewed state. While the core logic aligns with the stated purpose of image/video enhancement via the HitPaw API, these structural red flags make the bundle untrustworthy for production use.
- External report
- View on VirusTotal