Skill v1.1.1

VirusTotal security

Color Palette Generator · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 29, 2026, 4:16 AM
Hash
9445bee2dff7918948b046a5ee614877cab584be7e08cd11701eb5bb643d15d0
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: color-palette
Version: 1.1.1

The skill is classified as suspicious due to its reliance on the `shell:exec` permission and instructions in `SKILL.md` for the agent to directly execute a Python script with user-provided input (image path, output path) without confirmation. While the Python script (`scripts/extract_palette.py`) itself appears benign and the `SKILL.md` attempts to guide the agent towards safe output directories, the combination creates a significant vulnerability for prompt injection or shell injection if the OpenClaw agent fails to properly sanitize user input before constructing the shell command. There is no clear evidence of intentional malicious behavior like data exfiltration or persistence, but the potential for remote code execution via agent mishandling of parameters elevates it beyond benign.