Back to skill
Skillv1.0.0
VirusTotal security
understand-image-minimax · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 6:03 AM
- Hash
- 7087c2a3282851419e1ca73ecf221641b6de64d1997bb89fb99cc09dbf270cec
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: understand-image-minimax Version: 1.0.0 The skill uses a Node.js script (`scripts/understand.cjs`) to analyze images via the Minimax VLM API (api.minimaxi.com). It possesses risky capabilities including reading environment variables (MINIMAX_API_KEY), performing outbound network requests, and reading arbitrary local files. While these are necessary for its stated function, the implementation lacks path sanitization, which could allow an agent to be tricked into reading and exfiltrating sensitive system files. Per the provided criteria, these risky but plausibly necessary capabilities warrant a suspicious classification.
- External report
- View on VirusTotal