Skillv1.0.0

VirusTotal security

Mongo Db Client Tool · External malware reputation and Code Insight signals for this exact artifact hash.

BenignApr 30, 2026, 4:57 AM

Hash: 5a70b1ff76fec192e05dc46d2528bf303811fc5e691e3839efed8965c80afd1a
Source: palm
Verdict: benign
Code Insight: Type: OpenClaw Skill Name: mongo-db Version: 1.0.0 The OpenClaw MongoDB skill bundle is benign. It provides standard CRUD operations for MongoDB via a Python CLI client. The `SKILL.md` instructions are clear and include a critical safeguard: requiring explicit user confirmation (`"confirm": true`) for destructive operations like `drop_collection` and `delete_many`, which helps prevent prompt injection leading to accidental data loss. The `setup.sh` script installs `pymongo` from PyPI, and `mongo_client.py` uses standard `pymongo` library calls without any evidence of data exfiltration, persistence mechanisms, or direct shell injection vulnerabilities. Configuration via environment variables or a gitignored `config.json` is also standard practice.
External report: View on VirusTotal