Back to skill
Skillv1.0.0
VirusTotal security
ZenMux Image Gen (Nano Banana 2) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 5:11 AM
- Hash
- 53415fe4adb974fbabbda237886ece103bf0b3f51134f135a3525678b3a75092
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: zenmux-image-gen Version: 1.0.0 The skill bundle is primarily benign, providing a legitimate tool for image generation via the ZenMux API. The `SKILL.md` contains clear, non-malicious instructions for the AI agent. The `scripts/generate_image.py` script uses safe practices like `argparse` for argument handling, `urllib.request` for API calls, and `os`/`pathlib` for file operations, mitigating common shell injection risks. However, a vulnerability exists in `scripts/generate_image.py` where the user-controlled `--model` argument is directly inserted into the URL path (e.g., `https://zenmux.ai/api/vertex-ai/v1/publishers/{provider}/models/{model_name}:generateContent`). This could allow for URL path traversal (e.g., `google/gemini-model/../../evil-path`) within the `zenmux.ai` domain, potentially leading to malformed requests or attempts to access unintended API endpoints on the ZenMux server. While this is a vulnerability, it does not demonstrate clear intent for data exfiltration, remote code execution, or persistence on the agent's system, thus classifying it as 'suspicious' rather than 'malicious'.
- External report
- View on VirusTotal