Back to skill
Skillv1.0.0
VirusTotal security
emo-img — Give Your AI Emotional Expression · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:14 AM
- Hash
- f4ccfb40cd205c15ff62aeef831155fc8ade10a085094aa960638899a81f3974
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: emo-img Version: 1.0.0 The skill provides legitimate sticker management functionality but contains a security vulnerability in `scripts/sticker.py` where SSL certificate verification is explicitly disabled (`ssl.CERT_NONE`) as a fallback if local certificate bundles are not found. Additionally, the script contains a hardcoded Tenor API key. While these appear to be design choices for cross-platform compatibility and ease of use, the bypass of SSL verification exposes the agent to man-in-the-middle (MITM) attacks during sticker searches and downloads.
- External report
- View on VirusTotal