Skill v1.0.0
VirusTotal security
Natural language to SQL query assistant · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 6:00 AM
- Hash: 3b60c44bfe23ff195d213f3137bb06e70953d4d222390432b93af40e7aa95ebe
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: nl2sql. Version: 1.0.0. The skill bundle provides a natural language interface for MySQL database management, which involves high-risk capabilities such as shell execution and file access. Specifically, `scripts/query.sh` and `scripts/transaction.sh` can read arbitrary local files if the agent is manipulated into providing a sensitive file path as the SQL input. Additionally, `scripts/schema.sh` contains a potential SQL injection vulnerability by directly embedding the table name variable into a query string. While the `SKILL.md` and `references/guide.md` files include extensive security instructions to prevent credential leakage and require confirmation for destructive actions, the underlying scripts possess risky primitives that could be exploited if the AI agent's instructions are bypassed.
