Back to skill
Skillv1.0.0
VirusTotal security
Bunpro · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:03 AM
- Hash
- 7d02e87d8c4a1b0955577d61b5bdf02b7fd4febe62e6a9187b03ad0904855eee
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: bunpro-sync Version: 1.0.0 The OpenClaw skill 'bunpro-sync' is designed to fetch Japanese grammar learning progress from the Bunpro API and store it in a local SQLite database for analysis. All files (SKILL.md, scripts/sync.py, scripts/queries.py, references/api-structure.md) align with this stated purpose. The `sync.py` script uses `requests` to interact with the legitimate Bunpro API (`https://api.bunpro.jp/api/frontend`) and `sqlite3` to store data locally in `bunpro.db`. The `queries.py` script provides tools to analyze this local data. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution (e.g., `curl|bash`), persistence mechanisms, or prompt injection attempts against the AI agent in `SKILL.md`. The handling of the API token via environment variables is a standard and secure practice, and the code uses parameterized SQL queries to prevent injection vulnerabilities. The skill appears to be a well-intentioned utility.
- External report
- View on VirusTotal