Skill v1.0.1

VirusTotal security

Info Vivid · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review: Apr 30, 2026, 6:19 AM
Hash: 3f38560a4a2276dfcc34dc686ce01f641fb93156ac8399b11a6fe02b6cf1b899
Source: palm
Verdict: suspicious
Code Insight

Type: OpenClaw Skill
Name: info-vivid
Version: 1.0.1

The skill bundle provides legitimate data visualization tools but contains a security vulnerability due to a lack of input sanitization in `scripts/svg_bar_chart.py`. User-provided data, such as labels and titles, is inserted directly into SVG and HTML templates using f-strings, which could lead to Cross-Site Scripting (XSS) when the generated files are opened in a browser. Additionally, `SKILL.md` and `scripts/png_longform.py` include instructions and code to archive reports to a hardcoded local path (`C:\Users\ToddC\.ai-memory\news\`), which is a specific environment dependency that could lead to unexpected file system operations.