Back to skill
Skillv0.1.0-alpha.4
VirusTotal security
Workcrm · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 3:55 AM
- Hash
- 84117c94df902762ec5d6fb5875571cd6f7f85a9c7eb7458a7c28e64883a2172
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: workcrm Version: 0.1.0-alpha.4 The OpenClaw WorkCRM skill is classified as benign. The code adheres to good security practices, utilizing parameterized queries in `workcrm/db/repo.py` to prevent SQL injection. Input parsing in `workcrm/parse.py` uses regular expressions to extract data, which is then passed as values to the database, not as executable code. The `SKILL.md` documentation provides clear usage instructions and does not contain any malicious prompt injection attempts. File system access is limited to its own SQLite database, located in a standard OpenClaw data directory, and there are no network calls or attempts to access sensitive system files. The explicit confirmation gate (`记`/`不记`) adds a layer of security by requiring user approval before committing actions.
- External report
- View on VirusTotal