Back to skill
Skillv1.0.0
VirusTotal security
TencentCloud Image Face Fusion · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:16 AM
- Hash
- dc3f332a21eda0fd74909eb3b1de8f5274e45868922fc60d7aeeb35a172aa34b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tencentcloud-image-face-fusion Version: 1.0.0 The skill is classified as suspicious due to high-risk capabilities and potential vulnerabilities. The script `scripts/main.py` automatically executes `pip install` to manage dependencies and reads arbitrary local files based on user-provided paths without validation, which could lead to unauthorized file access. Additionally, `SKILL.md` contains instructions for the AI agent to follow a 'Zero interaction principle,' explicitly directing it to execute commands without user confirmation. This combination significantly increases the risk of prompt injection attacks, where an agent could be manipulated into reading and exfiltrating sensitive local data to the Tencent Cloud API endpoint (facefusion.tencentcloudapi.com).
- External report
- View on VirusTotal