Back to skill
Skillv1.0.1
VirusTotal security
Learning Planner · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:36 AM
- Hash
- 1a7e8429d92ab784c65e2dfcdf19c4bd8d51240d9d6470a8c81b4032d6bd67cc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: learning-planner Version: 1.0.1 The skill implements a legitimate learning management system but contains multiple SQL injection vulnerabilities in 'src/learning_database/cards.py' and 'src/learning_database/sessions.py'. Specifically, the 'days' parameter is directly interpolated into SQL query strings using '.format()' instead of using safe parameterized queries. While likely an unintentional coding flaw rather than intentional malice, this vulnerability allows for potential manipulation of the local SQLite database (~/.config/learning-planner/learning.db) if the input is not strictly validated at the CLI layer.
- External report
- View on VirusTotal