Skill v1.1.3

VirusTotal security

Usage Visualizer · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 4:06 AM
Hash
0475a116b2e94377d8e0f7fc71717ca56690b4740b8eeac5d2fb9d8a00b6d5c1
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: usage-visualizer
Version: 1.1.3

The skill is classified as suspicious due to a potential arbitrary file write vulnerability in `scripts/generate_report_image.py` if the `--output` argument were user-controlled, and the heavy dependency on Chromium for image rendering, which significantly expands the attack surface. While the agent's execution flow (via `scripts/run_usage_report.py`) mitigates the arbitrary file write by constraining output to `OPENCLAW_WORKSPACE` or the project root, and the HTML content for rendering is generated locally without external network calls, these factors introduce meaningful risks. There is no evidence of intentional malicious behavior like data exfiltration or persistence.