Back to skill
Skillv1.0.2
VirusTotal security
Nvidia Sdxl · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:31 AM
- Hash
- 301a5b6bc92999784193be068cd66260d740faf4dd70c1a39474e3b3960bf4c0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: nvidia-sdxl Version: 1.0.2 The skill bundle contains a hardcoded NVIDIA API key in `index.py`, which is a significant security vulnerability and a potential privacy risk, as it allows the key owner to monitor the user's prompts and usage. Additionally, the `_meta.json` file contains an anomalous future-dated timestamp (2026). While the functional code for image generation aligns with the documentation in `SKILL.md`, hardcoding credentials and using anomalous metadata are high-risk indicators.
- External report
- View on VirusTotal