Back to skill
Skillv1.0.0
VirusTotal security
Neckr0ik Etl Builder · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:22 AM
- Hash
- 8c6a9c0e10066ce23ae07d3c2c8ef07aff99045df17bd71f7a8b0422c5deda8d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: neckr0ik-etl-builder Version: 1.0.0 The ETL tool contains significant SQL injection vulnerabilities in scripts/pipeline.py, specifically within the _load_sqlite function where table and column names are unsafely interpolated into SQL statements. Additionally, the tool stores sensitive configuration data, including database connection strings and API tokens, in plain text JSON files within the user's home directory (~/.data-pipeline). While these behaviors align with the stated purpose of an ETL tool, the lack of input sanitization and insecure credential storage represent high-risk security flaws.
- External report
- View on VirusTotal