Back to skill
Skillv1.0.0
VirusTotal security
App Order Date Key Stats · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:23 AM
- Hash
- 85a58730aab103f0e6558333a487ef86fe67cb1b545c2037c56814545a466fdc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: app-order-date-key-stats Version: 1.0.0 The skill contains a significant SQL injection vulnerability in SKILL.md, as user-provided keywords are directly interpolated into a SQL query string using f-strings without sanitization. Additionally, it hardcodes a specific Aliyun RDS database endpoint (rm-uf69co304tkv5htydco.mysql.rds.aliyuncs.com). While the instructions include explicit security rules and the intent appears to be a legitimate internal reporting tool, the flawed implementation of dynamic SQL construction poses a high risk.
- External report
- View on VirusTotal