Back to skill
Skillv1.0.1
VirusTotal security
Airtable w/Python · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:03 AM
- Hash
- 3a0af3fab688ab26c247748535a64a4dcffb88cd187bdd3bd09c7e04992f5d26
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: pydantic-airtable Version: 1.0.1 The skill bundle contains a high-risk capability in `scripts/model_ops.py` that dynamically imports and executes local Python modules using `importlib.util`. While this is documented as a feature for syncing Pydantic models to Airtable, it creates a significant remote code execution (RCE) surface if the agent is manipulated into processing untrusted files. Additionally, `scripts/manage_records.py` and `scripts/manage_tables.py` allow reading arbitrary local files via the `@` prefix in JSON arguments, which could be exploited for local file inclusion (LFI) or sensitive data exposure.
- External report
- View on VirusTotal