Back to skill
Skillv1.0.0
VirusTotal security
Discrawl Search · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 5:01 PM
- Hash
- 24f4f6774435ae9a788a46891036e1c590af0b8fff84080d97ffa133d8b9b5e8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: discrawl-search Version: 1.0.0 The skill bundle is designed to search local Discord message history via a SQLite database using the 'discrawl' CLI. However, it contains a significant SQL injection vulnerability in `scripts/search_history.sh`, where the `$QUERY` and `$CHANNEL_ID` variables are directly interpolated into SQL strings. While there is no evidence of intentional malice, data exfiltration, or backdoors, this flaw allows for potential database manipulation or unauthorized data access if the agent is provided with a crafted prompt.
- External report
- View on VirusTotal