Back to skill
Skillv0.1.1
VirusTotal security
Skill Auto Evolver · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:54 AM
- Hash
- f8e9eb008534a0f90c5811b876f6d2879dcd58fd02810c0f95e65382ca783141
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: skill-auto-evolver Version: 0.1.1 The skill bundle provides a utility for monitoring and analyzing OpenClaw skills, but it contains a SQL injection vulnerability in 'database/models.py' where the 'days' parameter is inserted into SQLite queries using string formatting rather than parameterization. While the tool's ability to read and analyze all files in the '~/.openclaw/skills' directory is aligned with its stated purpose of code quality analysis, this represents a high-privilege capability. No evidence of intentional malice, data exfiltration, or backdoors was identified.
- External report
- View on VirusTotal