Back to skill
Skillv1.0.0
VirusTotal security
Qwen Image · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:31 AM
- Hash
- dc6f8b2b8c975b001fcc10580412f94a68ad2151218c0e1686f98a6d7ff8e8a1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: qwen-image Version: 1.0.0 The skill is generally benign, performing image generation via the Alibaba Cloud DashScope API as described. However, the `scripts/generate_image.py` file includes a `--no-verify-ssl` flag which, when enabled, disables SSL certificate verification for both the API request and image download. While the `SKILL.md` documentation mentions this as a feature for corporate proxies, disabling SSL verification is a high-risk capability that could expose the agent to Man-in-the-Middle attacks, making the skill suspicious despite the lack of clear malicious intent.
- External report
- View on VirusTotal