Back to skill
Skillv1.0.0
VirusTotal security
openclaw ggsql · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 8:26 AM
- Hash
- f86436c05cf5a09d4170472108cc02a26196d61ed8a04a553ad97eefcf5bde82
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-ggsql Version: 1.0.0 The skill provides templates and a runner script for the ggsql visualization tool (ggsql.org). It is classified as suspicious due to potential SQL injection vulnerabilities in the SQL templates (e.g., templates/scatter.sql and templates/histogram.sql) and the instructions in SKILL.md, which encourage direct string interpolation of user-provided data sources and column names into SQL queries without sanitization. Additionally, the scripts/ggsql-runner.sh script lacks input validation for its arguments, which could lead to shell injection or unexpected behavior. While these appear to be unintentional design flaws rather than intentional malice, they represent a significant security risk in an automated agent environment.
- External report
- View on VirusTotal