Back to skill
Skillv2.0.0
VirusTotal security
Ifc Data Extraction · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:31 AM
- Hash
- cc9b4e7ed6655c7bcad5564d300fc4ccbb5a193efb93b181d4dc50dff2dd2815
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ifc-data-extraction Version: 2.0.0 The skill is designed for IFC data extraction and export, requesting `filesystem` permissions which aligns with its stated purpose. However, the `IFCExporter.to_database` function in `SKILL.md` uses `sqlalchemy.create_engine` with a user-provided `connection_string`. While the `instructions.md` states 'No network access required', this capability allows connection to arbitrary SQL databases (local or remote). If an attacker can control the `connection_string`, this presents a significant vulnerability for potential unauthorized database access or data modification, classifying it as suspicious due to a high-risk capability without clear malicious intent from the skill's author.
- External report
- View on VirusTotal