Sql Injection Scanner

v1.4.0

Scans web app parameters for SQL injection vulnerabilities using boolean, time-based, and UNION SELECT techniques with optional JSON reporting.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for snipercat69/edgeiq-sql-injection-scanner.

Install the skill "Sql Injection Scanner" (snipercat69/edgeiq-sql-injection-scanner) from ClawHub.
Skill page: https://clawhub.ai/snipercat69/edgeiq-sql-injection-scanner
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install edgeiq-sql-injection-scanner

ClawHub CLI


npx clawhub@latest install edgeiq-sql-injection-scanner

Security Scan

Capability signals: Crypto, Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal: Benign
OpenClaw: Benign (high confidence)

Purpose & Capability
Name, description, and code align: the package contains a Python scanner that issues HTTP requests with boolean, time, and UNION payloads and produces local JSON output. Nothing in the files requires unrelated cloud credentials or system-level access.
Instruction Scope
Runtime instructions focus on running the scanner against target URLs (including examples for using EDGEIQ_EMAIL to enable Pro features). The SKILL.md explicitly warns about authorized testing. The code performs arbitrary HTTP requests to targets provided by the user — this is expected for the tool but is a capability that can be misused if run against systems you don't own.
Install Mechanism
There is no install spec; the skill is instruction-only (plus included Python files). No remote downloads or archive extraction are used, so nothing will be pulled from arbitrary URLs during install.
Credentials
The manifest declares no required env vars, but the SKILL.md and code optionally use EDGEIQ_EMAIL and EDGEIQ_LICENSE_KEY and read ~/.edgeiq/license.key (and a stripe_licenses.json path). These are used only for unlocking Pro/Bundle features; the presence of these checks is proportionate to the monetization/licensing behavior but should have been declared in the manifest.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide settings, and does not persist beyond reading/writing the vendor license file in the user's home directory.
Assessment
This is a coherent SQL injection scanner: it issues HTTP requests to target URLs, so only run it against domains you own or explicitly have permission to test. Note the code and docs optionally use EDGEIQ_EMAIL, EDGEIQ_LICENSE_KEY, and ~/.edgeiq/license.key to unlock Pro features — these environment variables and the license file are not declared in the registry metadata but are referenced in the files. If you install/run this skill: (1) review the two Python files yourself (they are included) before executing, (2) avoid scanning third‑party sites without authorization, (3) be aware that Pro/Bundle unlocking is based on local files/env and a hardcoded example email in the code, and (4) check the payment/upgrade links independently before following them.
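
Part of the file review recommended above can be automated. The following is an added example, not code from the skill or from ClawHub: it uses Python's ast module to list the environment variables and home-directory path literals a source file references, so they can be compared with what the manifest declares. The sample source is constructed and only reuses the names quoted in the assessment; Python 3.9+ is assumed.

```python
import ast

# Constructed sample standing in for a skill's source file. It is NOT the
# scanner's real code; it only reuses the names quoted in the assessment.
SAMPLE_SOURCE = '''
import os
from pathlib import Path
email = os.environ.get("EDGEIQ_EMAIL")
key = os.getenv("EDGEIQ_LICENSE_KEY")
license_file = Path("~/.edgeiq/license.key").expanduser()
'''

def _is_os_environ(node):
    """True for the expression `os.environ`."""
    return (isinstance(node, ast.Attribute) and node.attr == "environ"
            and isinstance(node.value, ast.Name) and node.value.id == "os")

def _literal(node):
    """Return the string value of a string-literal node, else None."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None

def audit_source(source, declared_env=()):
    """Return (undeclared env var names, '~/' path literals) found in source.

    Static and name-based: it misses aliased imports and computed names,
    so treat an empty result as a prompt for manual review, not a pass.
    """
    env_vars, home_paths = set(), set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call) and node.args:
            func, name = node.func, _literal(node.args[0])
            if name and isinstance(func, ast.Attribute):
                is_getenv = (func.attr == "getenv" and isinstance(func.value, ast.Name)
                             and func.value.id == "os")       # os.getenv("X")
                is_environ_get = func.attr == "get" and _is_os_environ(func.value)
                if is_getenv or is_environ_get:
                    env_vars.add(name)
        elif isinstance(node, ast.Subscript) and _is_os_environ(node.value):
            name = _literal(node.slice)                        # os.environ["X"], Python 3.9+
            if name:
                env_vars.add(name)
        elif _literal(node) and node.value.startswith("~/"):
            home_paths.add(node.value)
    return sorted(env_vars - set(declared_env)), sorted(home_paths)
```

Pass the manifest's declared variable names as `declared_env`; anything still returned in the first list is read by the code but undeclared.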

Like a lobster shell, security has layers — review code before you run it.

latest: vk97688yy0ym7683afm0j2baysx85h6gc
95 downloads · 0 stars · 4 versions · Updated 2d ago · v1.4.0 · MIT-0

SQL Injection Scanner

Skill Name: sql-injection-scanner
Version: 1.0.0
Category: Security / Vulnerability Assessment
Price: Lifetime: $39 / Optional Monthly: $7/mo (includes all Pro features permanently)
Author: EdgeIQ Labs
OpenClaw Compatible: Yes — Python 3, pure stdlib + urllib, WSL + Linux


What It Does

Detects SQL injection vulnerabilities in web application parameters using multiple detection techniques: boolean-based blind injection, time-based blind injection, and UNION SELECT extraction. Designed for security professionals and developers auditing their own applications.

⚠️ Legal Notice: Only scan domains you own or have explicit written authorization to test. Unauthorized scanning is illegal.


Features

  • Boolean-based blind injection — infer SQL truth from page response differences
  • Time-based blind injection — use SLEEP() delays to confirm injection
  • UNION SELECT extraction — pull database version, user, and schema via UNION payloads
  • Auto-detection — automatically identifies which parameter types are injectable
  • Parameter scanner — test multiple parameters in a single run
  • JSON export — structured results for reporting and integration

Tier Comparison

| Feature | Free | Lifetime ($39) | Optional Monthly ($7/mo) |
|---|---|---|---|
| Single URL + parameter test | | | |
| Boolean blind detection | | | |
| Time-based detection | | | |
| UNION SELECT extraction | | | |
| Multiple parameter scan | ✅ (unlimited) | ✅ (unlimited) | ✅ (unlimited) |
| JSON export | | | |
| Custom payload wordlist | | | |

Installation

cp -r /home/guy/.openclaw/workspace/apps/sql-injection-scanner ~/.openclaw/skills/sql-injection-scanner

Usage

Basic scan (free tier)

python3 sql_scanner.py --url "https://example.com/product?id=1"

Pro scan (time-based + UNION + multiple params)

EDGEIQ_EMAIL=your_email@gmail.com python3 sql_scanner.py \
  --url "https://example.com/product?id=1&category=2&search=test" \
  --pro

Test specific parameter only

python3 sql_scanner.py --url "https://example.com/search?q=test" --param q

Full bundle scan with JSON export

EDGEIQ_EMAIL=your_email@gmail.com python3 sql_scanner.py \
  --url "https://example.com/api/user?id=1" \
  --bundle --output report.json

As OpenClaw Discord Command

In #edgeiq-support channel:

!sqli https://example.com/product?id=1
!sqli https://example.com/search?q=test --pro
!sqli https://example.com/api?id=1&uid=2 --bundle

Parameters

| Flag | Type | Default | Description |
|---|---|---|---|
| --url | string | | Target URL with parameter(s) |
| --param | string | all | Specific parameter to test |
| --pro | flag | False | Enable Pro features |
| --bundle | flag | False | Enable Bundle features |
| --output | string | | Write JSON report to file |
| --delay | float | 1.0 | Delay between requests (seconds) |
| --timeout | int | 10 | Request timeout (seconds) |

Output Example

=== SQL Injection Scanner ===
Target: https://example.com/product?id=1

  Parameter: id — INJECTABLE 🔴
    Method:     Boolean Blind
    Payload:    ' OR 1=1 --
    True resp:  1423 bytes / 200 OK
    False resp: 0 bytes / 302 redirect
    Confidence: HIGH

  Parameter: category — SAFE ✅
    Method:     All checks passed
    Response:   1244 bytes / 200 OK

  Database: MySQL 8.0.23 (via UNION)
  User:     app_user@localhost

  Threat Level: CRITICAL — 1 injectable parameter found

Pro Upgrade

Boolean blind + time-based + UNION SELECT + multiple parameters:

👉 Buy Lifetime — $39 👉 Subscribe Monthly — $7/mo


Support

Open a ticket in #edgeiq-support or email gpalmieri21@gmail.com


🔗 More from EdgeIQ Labs

edgeiqlabs.com — Security tools, OSINT utilities, and micro-SaaS products for developers and security professionals.

  • 🛠️ Subdomain Hunter — Passive subdomain enumeration via Certificate Transparency
  • 📸 Screenshot API — URL-to-screenshot API for developers
  • 🔔 uptime.check — URL uptime monitoring with alerts
  • 🛡️ headers.check — HTTP security headers analyzer

👉 Visit edgeiqlabs.com →
