Back to skill
Skillv1.0.0
VirusTotal security
Design To Html · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 9:01 AM
- Hash
- 2c92252b5c448d800d889423fbb16c50de0c64a46ec31281421cfdcfd3b4c69f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: design-to-html Version: 1.0.0 The skill provides a legitimate workflow for converting design images to HTML/CSS, but it employs several high-risk patterns. Specifically, 'scripts/pipeline.py' uses subprocess.check_call to automatically install dependencies via pip, and 'scripts/render.js' launches Puppeteer with the '--no-sandbox' flag, which disables critical browser security boundaries. While these capabilities are plausibly needed for the stated purpose of image processing and rendering, they represent significant security risks and potential vectors for exploitation in the absence of malicious intent.
- External report
- View on VirusTotal