Back to skill
Skillv1.0.10
VirusTotal security
gemini-image-generation · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:44 AM
- Hash
- ad4edc9d60f7137292a39c2305dacb8b9bc493ed64a9ee25cc2820e3b305cea6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: gemini-image-generation Version: 1.0.10 The skill provides image generation and editing capabilities but includes high-risk behaviors and suspicious formatting. It allows arbitrary file read and write access via the `--input` and `--output` arguments in `edit-image.mjs` and `generate-image.mjs`, which lacks path sanitization. Furthermore, it supports a `GEMINI_BASE_URL` environment variable that can redirect sensitive data, including the `GEMINI_API_KEY` and local file content, to an arbitrary external endpoint. The `README.md` file also utilizes character-level spacing obfuscation, a common technique for evading simple static analysis filters.
- External report
- View on VirusTotal