Back to skill
Skillv1.0.0
VirusTotal security
PhotoCHAT Photo Search · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:51 AM
- Hash
- 6371976bdc8def3b26a5ef475908c3276399480eaf1fb80cdc4f4b6724149fd3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: photochat-search Version: 1.0.0 The `SKILL.md` file instructs the AI agent to construct a `powershell` command (`photochat search`) by directly appending the user's natural language query. This direct concatenation of user input into a shell command without explicit sanitization or quoting instructions creates a significant vulnerability to shell injection, potentially leading to arbitrary command execution (RCE) if the agent does not securely handle user input before execution. While not intentionally malicious, this design flaw presents a high-risk capability.
- External report
- View on VirusTotal