Back to skill
Skillv0.1.2
VirusTotal security
Pencil Renderer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:44 AM
- Hash
- 3455548c1dc3f0168038ff008640952352c782aadb76485e3da19b001162157b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: pencil-renderer Version: 0.1.2 The skill is classified as suspicious due to the `G()` function in `references/batch-design-patterns.md` and `references/dna-to-pencil.md`. This function allows the agent to generate or retrieve images from external AI or stock services using user-provided prompts and keywords. While plausibly needed for the skill's stated purpose of rendering visual proposals, this represents a risky capability involving external network calls and potential for prompt injection against third-party services (e.g., for resource exhaustion, inappropriate content generation, or other abuses), even if no malicious intent is evident in the provided examples. The `SKILL.md` itself does not contain malicious prompt injection against the OpenClaw agent.
- External report
- View on VirusTotal