Back to skill
Skillv1.0.0
VirusTotal security
uni-image · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 21, 2026, 1:16 AM
- Hash
- d07e5ea0fac73791ec9ded8ed953e240c8c61d1cbd0a395f02d13362cc487854
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: uni-image Version: 1.0.0 The skill is classified as suspicious because it describes a high-risk architecture involving a fetch interceptor and a local proxy server (port 18800) to handle sensitive API keys. It references non-existent or future-dated AI models (e.g., 'Gemini 3.1' and 'Nano Banana') and contains a future-dated timestamp in `_meta.json` (year 2026), which suggests deceptive intent. Furthermore, the `SKILL.md` instructions suggest executing a script located outside the skill's expected directory (`../../uni-image-proxy.js`), which is a potential path traversal risk.
- External report
- View on VirusTotal