Skill v1.0.6
VirusTotal security
Microsoft Foundry image generation · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:22 AM
- Hash: b5d7d1db69936b550a11f6d800bc337d7d1d87f2cada18e3121f2e69b9f1b84b
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: ms-foundry-image-gen. Version: 1.0.6. The skill is designed for Azure Foundry image generation and includes positive security measures like endpoint validation and safe prompt handling using `jq --arg`. However, it directly interpolates the `$FOUNDRY_DEPLOYMENT` and `$FOUNDRY_API_VERSION` environment variables into the `curl` URL in `SKILL.md` without explicit validation or escaping. This creates a potential shell injection vulnerability if an attacker can control these environment variables, which could lead to arbitrary command execution on the agent. While the skill explicitly states an intent to prevent injection risks, this oversight constitutes a significant vulnerability, classifying it as suspicious rather than benign.
