Back to skill
Skillv1.0.0
VirusTotal security
妙言小智(PicTech.cc)-跨境电商图片翻译 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 11:41 AM
- Hash
- 96ddac0fe1503525f55c340ef6137bde706fbf860c9288cc7cb82a2a07bf39bc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: myxz-image-translator-skill Version: 1.0.0 The skill contains obfuscated core logic (index.js) and includes explicit instructions in SKILL.md directing the AI agent to avoid inspecting the source code or using tools like 'cat' and 'strings' on it. It also implements an insecure credential persistence mechanism in cli.js that stores sensitive API keys (VK) in plain text within a local file (.vk_config). While these measures are presented as intellectual property protection for the PicTech.cc service, the combination of hidden logic and instructions to bypass agent observability prevents verification of data exfiltration risks.
- External report
- View on VirusTotal