Skill v1.1.4

VirusTotal security

图像生成 / Image Generation · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 6:00 AM
Hash: 48627d51ad7ffcd1583072ec33fda89f0cb14f2342279efebca945847ef8695a
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: image-gen-coze
Version: 1.1.4

The skill provides a workflow for image generation via the Coze API (api.coze.cn) but contains a vulnerability in its execution logic. The bash script template in SKILL.md constructs a JSON payload for a curl command by directly interpolating the 'prompt' variable without sanitization, which could lead to JSON injection if the agent uses this logic to process untrusted user input. Additionally, the skill requires access to sensitive API keys stored in the configuration of a dependency skill (coze_workflow).