Back to skill
Skillv1.0.0
VirusTotal security
Filtrix AI Image Generation · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:28 AM
- Hash
- 2da899bccedbf5a284217911e9188d46389e0bb95f41149ce224e32cad5f40cc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: filtrix-ai-image-gen Version: 1.0.0 The skill bundle provides image generation and editing functionality using external AI providers. It correctly handles API keys via environment variables and communicates with legitimate API endpoints. However, the Python scripts (`scripts/edit.py`, `scripts/generate.py`) accept user-controlled file paths for input images (`--image`, `--mask`) and output images (`--output`). This capability, while necessary for the skill's function, introduces a vulnerability where a malicious prompt to the OpenClaw agent could lead to arbitrary file reads (e.g., attempting to read sensitive system files as input images) or arbitrary file writes (e.g., overwriting system files with generated images), posing a risk for data leakage or system compromise if the agent's input is not properly sanitized.
- External report
- View on VirusTotal