Back to skill
Skillv1.0.0
VirusTotal security
Baserow · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:50 AM
- Hash
- ac6d1638e34788d692d67088f22db850f1352b26ed2cd6f3b7ee9da47b463d48
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: baserow Version: 1.0.0 The skill is classified as suspicious primarily due to a hardcoded example API token (`mOsuizlNhyUWclr7xKjIgxJxdMPVmkNy`) present in the `SKILL.md` file. While intended as an example, an AI agent might inadvertently use this token if the `BASEROW_TOKEN` environment variable is not properly configured, potentially granting unauthorized access to the `baserow.ericbone.me` service. Additionally, the skill utilizes shell commands (`curl`, `python3`, `grep`, `xargs`, `source`) to interact with the API and load environment variables, which, while functional for its stated purpose, could pose command injection risks if inputs were not strictly controlled. There is no clear evidence of intentional malicious behavior such as data exfiltration to unauthorized endpoints, persistence mechanisms, or obfuscation.
- External report
- View on VirusTotal