Back to skill
Skillv0.1.0
VirusTotal security
OpenClaw Model Card · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 5:21 AM
- Hash
- c5fcede0e75e44a8e5aea8970619b883f56e77c67b5c86040b5c3af71788bd21
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-model-card Version: 0.1.0 The skill bundle is classified as suspicious due to several vulnerabilities in `scripts/show-model-config.py` and `scripts/md2img.js`. The `show-model-config.py` script allows an arbitrary file read via the `--config` argument, enabling an attacker to specify any JSON file on the system for parsing. Additionally, both `show-model-config.py` and `md2img.js` allow an arbitrary file write via the `--image` argument, potentially overwriting existing files or writing to sensitive locations. While there is no evidence of intentional malicious behavior like data exfiltration or persistence, these vulnerabilities could be exploited by an attacker controlling script arguments (e.g., through prompt injection against the agent).
- External report
- View on VirusTotal