Skillv1.0.0

VirusTotal security

design-analysis · External malware reputation and Code Insight signals for this exact artifact hash.

SuspiciousApr 30, 2026, 5:55 AM

Hash: fad55b2ba895e61a6ce42db640bcb0ce33cbe2842aa6bb544b0ec541a58e918d
Source: palm
Verdict: suspicious
Code Insight: Type: OpenClaw Skill Name: design-analysis Version: 1.0.0 The skill is functional and aligned with its stated purpose of generating design analysis reports, but it contains a security vulnerability and high-risk execution patterns. Specifically, 'index.js' fails to sanitize image filenames before injecting them into the generated HTML document (lines 130-134), creating a Cross-Site Scripting (XSS) risk if the tool is run on a directory containing maliciously named files. Additionally, 'test.js' utilizes 'execSync' to run shell commands, which is a high-risk capability, although it is currently limited to internal testing of 'run.js'.
External report: View on VirusTotal