Back to skill
Skillv1.0.0
VirusTotal security
database_skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 4:22 PM
- Hash
- df6664bbd33a96b099546abc94bbb3f22cf5e0202f7a7a9990f4a4e63ec0a592
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: dbskill Version: 1.0.0 The dbskill bundle is a standard database connectivity utility supporting MySQL, PostgreSQL, Oracle, SQL Server, and SQLite. It implements security best practices such as parameterized queries (query_executor.py) and handles sensitive credentials via environment variables rather than hard-coding. While it persists connection history to a temporary JSON file (connections_store.py), it explicitly avoids storing passwords. There is a potential SQL injection risk in the 'execute_batch' method and schema introspection queries (schema_inspector.py) if provided with malicious table names, but these appear to be standard implementation trade-offs rather than intentional backdoors.
- External report
- View on VirusTotal