Back to skill
Skillv1.1.0
VirusTotal security
Crazyrouter Image Gen · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:31 AM
- Hash
- 313e46ea9e21265278d071b58779c8afe0b84898e9f240e18866508ea61cedce
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: crazyrouter-image-gen Version: 1.1.0 The skill is classified as suspicious due to a combination of technical vulnerabilities and deceptive content. The 'main.mjs' script lacks path sanitization for the '--image' argument, which allows for potential arbitrary file write vulnerabilities if the agent is manipulated into providing a sensitive file path. Additionally, the 'SKILL.md' documentation references non-existent AI models (e.g., Gemini 3.1, Imagen 4.0, and Sora Image) and directs users to an obscure API provider (crazyrouter.com), which may indicate a deceptive service or a front for harvesting API keys. The script also fetches and writes data from arbitrary URLs provided by the external API response without validation.
- External report
- View on VirusTotal