Skill v1.0.1
VirusTotal security
External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Mar 25, 2026, 2:36 AM
- Hash: 0b8bca8a2055e309724cb12b8ba1a27b73a24aef3f45c5cfd865de6c3fd2546d
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: save-mysql. Version: 1.0.1. The skill is classified as suspicious due to critical SQL injection vulnerabilities in `scripts/save_url_params.py`. The script dynamically generates database column names and table structures directly from URL query parameter keys using f-strings in both `CREATE TABLE` and `INSERT` statements without any sanitization. While the code's behavior aligns with the stated purpose in `SKILL.md`, the implementation allows for arbitrary SQL execution if a user provides a URL with malicious parameter keys.
