Skill v1.0.0

VirusTotal security

Image Translator · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 5:04 AM
Hash: 363d413dd6af9a64b3ade74fc1c2fb4d73c24221c0caa2719bccd39df9c31ab5
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: image-translator
Version: 1.0.0

The skill is classified as suspicious due to the use of `subprocess.run` to execute `curl` in `scripts/image_translate.py` for handling file uploads. While arguments are passed as a list, which mitigates direct shell injection, relying on an external command like `curl` for user-controlled inputs (such as `file_path`) introduces a potential vulnerability for argument injection into `curl` itself or unexpected behavior with specially crafted filenames. This represents a risky capability without clear evidence of intentional malicious behavior like data exfiltration to unauthorized endpoints or backdoor installation. All API endpoints (`https://api.tosoiot.com`, `https://api2.tosoiot.com`) are consistent with the stated purpose.