Back to skill
Skillv1.3.3
VirusTotal security
Jimeng AI · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:29 AM
- Hash
- f5f676e66ac4bc3957ae215dba7cd6f6e13af670d2471a43f56d26cef06a35f2
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: jimeng-ai Version: 1.3.3 The OpenClaw skill 'jimeng-ai' is designed for text-to-image and text-to-video generation using the VolcEngine Jimeng AI API. It requires API credentials (VOLCENGINE_AK, VOLCENGINE_SK, VOLCENGINE_TOKEN) via environment variables, which is standard for cloud API integration. The skill includes robust path sanitization in `scripts/text2image.ts` and `scripts/text2video.ts` (via `sanitizePath` and `getTaskFolderPath`) to prevent directory traversal attacks when handling user-specified output directories. There is no evidence of malicious prompt injection in `SKILL.md` or `README.md`, nor any code indicating data exfiltration to unauthorized endpoints, persistence mechanisms, or arbitrary code execution. A minor vulnerability exists where debug logging in `scripts/common.ts` could expose credentials if enabled in an insecure environment, but this is a flaw, not an intentional malicious act.
- External report
- View on VirusTotal