Skill v1.0.0
VirusTotal security
TCL (Lyon public transport network) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:41 AM
- Hash: 4921d02ce05422b2dbd5500e1db0713921c1a34f46e71ed962d6a33eb096e651
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: tcl-lyon. Version: 1.0.0. The skill is classified as suspicious due to multiple SQL injection vulnerabilities found in `tcl_tool.py`. Specifically, the `get_next_departures`, `get_last_departures`, and `get_first_departures` functions construct SQL queries by directly formatting user-controlled `line` and `direction` parameters into the query string (e.g., `line_filter`, `direction_filter`) instead of using parameterized queries. This allows an attacker to inject arbitrary SQL commands. Additionally, the `_get_active_services` function directly interpolates the `weekday` variable into an f-string, which is a bad practice, although not directly exploitable by user input in this context. There is no evidence of intentional malicious behavior like data exfiltration or backdoor installation, classifying these as vulnerabilities rather than malware.
