Back to skill
Skillv0.1.2
VirusTotal security
Auto Midjourney · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 21, 2026, 1:36 PM
- Hash
- 08b9171f62499d4443c7875e8c6a0905f059881e21e75665006a483cc8d7dcf0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: auto-midjourney Version: 0.1.2 The skill automates the Midjourney Alpha web interface by requiring the user's full authentication cookie (MJ_COOKIE) and controlling a local Chrome instance via Chrome DevTools Protocol (CDP) or Playwright. It employs high-risk execution patterns, including subprocess calls to curl, node, and osascript (scripts/mj_browser.py, scripts/mj_alpha.py), and executes JavaScript within the browser context using eval (scripts/mj_playwright_bridge.mjs). While the logic appears aligned with its stated purpose of image generation and lacks evidence of intentional exfiltration to third-party domains, the requirement for sensitive session cookies and the use of powerful browser automation tools represent a significant security risk and a broad attack surface.
- External report
- View on VirusTotal