Back to skill
Skillv1.0.1
VirusTotal security
Zero TiDB(Deprecated) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:24 AM
- Hash
- c7ac3796d19504a29f6d86a7d57e924232d9aafdb7f27b71fafb781c438f6e3c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: zero Version: 1.0.1 The skill's primary purpose is to provision TiDB Cloud Zero databases, which involves making API calls and providing connection details. However, the `SKILL.md` file contains instructions for the agent to execute `mysql` commands where the connection string, obtained directly from an external API response (`zero.tidbapi.com`), is interpolated into a shell command. This pattern (`mysql "<connectionString>"`) presents a shell injection vulnerability (RCE risk) if the `connectionString` returned by the API were maliciously crafted, even though the skill author's intent is to connect to their own provisioned database. This risky capability, despite lacking clear malicious intent from the skill author, warrants a 'suspicious' classification due to the potential for remote code execution via a compromised API endpoint.
- External report
- View on VirusTotal