Skill v0.1.3
VirusTotal security
One-click generator for project promotional pages and long screenshots · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review · Apr 30, 2026, 6:11 AM
- Hash: 7b08fdafc573bcf115a2bc96fab46dbe7325cf471ae7dd08ddb874ba91f69641
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: project-intro-generator. Version: 0.1.3. The skill bundle contains a command injection vulnerability in `src/git.js`, where the `gitUrl` parameter is passed directly to `execSync` without sanitization. Additionally, `src/image.js` utilizes `playwright` to render HTML and capture screenshots, which presents a risk of local file disclosure or SSRF if the input paths or URLs are not strictly controlled. While these are high-risk vulnerabilities that could lead to Remote Code Execution (RCE), the extensive logic for project analysis and dependency mapping suggests a legitimate utility rather than intentional malware.
