Back to skill
Skillv0.3.1
VirusTotal security
Gpt Image2 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:56 PM
- Hash
- 32b5cb0dceafefc53354b349dd921e2d644e5973dde82bcf8b438e9a03abedf6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: gpt-image2 Version: 0.3.1 The skill is a wrapper for image generation that is vulnerable to shell injection. The instructions in SKILL.md guide the AI agent to execute shell commands by directly embedding user-controlled prompts into arguments for the uno.py script, which allows for arbitrary command execution if the input contains shell metacharacters. It also relies on a relative path dependency (../uno-cli/bin/uno.py) to handle its core functionality and credentials.
- External report
- View on VirusTotal