Back to skill
Skillv0.2.0
VirusTotal security
Apple Books · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:32 AM
- Hash
- 2cd444403e745ea36cc20a2651c2ae7ae6e389b04fbe50d3124d7484b8a3604a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: apple-books Version: 0.2.0 The skill provides instructions for an AI agent to access sensitive personal data (reading history, notes, and highlights) from local Apple Books SQLite databases on macOS. It explicitly requires the user to grant 'Full Disk Access' to the process, a high-privilege permission. While the behavior aligns with the stated purpose, the instructions in SKILL.md suggest a vulnerable pattern of direct string replacement for SQL queries ('SEARCH_TERM'), which could lead to local SQL injection if the agent does not sanitize user input. No evidence of data exfiltration or intentional malice was found.
- External report
- View on VirusTotal