Skill v1.2.0

VirusTotal security

Nano Triple · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review May 1, 2026, 3:06 AM
Hash: 14703ec7b61a0b11a020ab06f57fb756160b79f1e6e4e7d87228425b3f528c69
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: nano-triple
Version: 1.2.0

The skill bundle contains a significant command injection vulnerability in SKILL.md. It instructs the AI agent to execute a shell command using `uv run` while passing the user's raw, unvalidated input directly into the `--prompt` argument. While the stated goal of parallel image generation is plausible, this pattern allows for remote code execution (RCE) if a user provides a crafted prompt containing shell metacharacters (e.g., backticks or semicolons).