Back to skill
Skillv1.1.2
VirusTotal security
Coupler.io · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:06 AM
- Hash
- 0c387fd446797d42b277fb1b87281f8773378e83aefabf192ef4e034a9f0f581
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: coupler-io Version: 1.1.2 The skill bundle provides instructions for read-only data access from Coupler.io using the `mcporter` CLI. All commands and network calls are directed to legitimate Coupler.io endpoints (`auth.coupler.io`, `mcp.coupler.io`) via HTTPS. There is no evidence of data exfiltration to unauthorized destinations, persistence mechanisms, obfuscation, or prompt injection attempts against the AI agent. While the `query` parameter for `get-data` could present a SQL injection vulnerability if the backend is not properly secured, this is a potential flaw in the target service or `mcporter`'s handling, not an intentional malicious act by the skill itself, which merely instructs the agent to use the feature as designed.
- External report
- View on VirusTotal