Back to skill
Skillv1.0.0
VirusTotal security
Lite Sqlite · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:08 AM
- Hash
- 465779079c5bb2fa29217442a555dbae6f705cf1135bd1b71772a7b78c07f604
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: lite-sqlite Version: 1.0.0 The skill is classified as suspicious due to critical vulnerabilities found in `scripts/sqlite_cli.py` and `scripts/sqlite_connector.py`. The `sqlite_cli.py`'s `query` command directly passes user-supplied SQL to `SQLiteDB.query()` without sanitization, leading to a severe SQL injection vulnerability. Additionally, the `SQLiteDB.backup()` and `auto_backup()` methods in `sqlite_connector.py` allow writing database backups to arbitrary file system paths, posing an arbitrary file write vulnerability. These flaws could be exploited by an attacker to execute arbitrary SQL commands, potentially leading to data exfiltration, modification, or unauthorized file system operations.
- External report
- View on VirusTotal