Back to skill
Skillv1.2.0
VirusTotal security
Millionfinney Homepage · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:24 AM
- Hash
- 843f4999d724309edc4da1b7cba120c408f8e7eed3739d18b29e26f7ac16485e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: millionfinney-homepage Version: 1.2.0 The skill bundle is classified as suspicious due to a potential path traversal vulnerability in `scripts/image_to_pixels.py`. The script takes `--json` and `--csv` file paths as arguments, which, if controlled by a malicious prompt injection, could allow an AI agent to write to arbitrary file locations (e.g., `../../../../etc/passwd`). While the script's core functionality is benign (converting images to pixel data), this lack of input sanitization for file paths presents a vulnerability. There is no evidence of intentional malicious behavior like data exfiltration, backdoors, or unauthorized network activity.
- External report
- View on VirusTotal