Back to skill
Skillv1.9.0
VirusTotal security
Banana Farmer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 3:54 AM
- Hash
- 3846008046e35a342e8013d65e988b0f01c6d9af8fbe511707375e43d8b34d55
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: banana-farmer Version: 1.9.0 This OpenClaw skill bundle is classified as benign. The `SKILL.md` documentation clearly outlines the skill's purpose for financial intelligence and explicitly states its security posture, including using only standard Python libraries, making outbound HTTPS calls solely to `bananafarmer.app`, and reading the API key from an environment variable. The Python scripts (`scripts/*.py`) confirm these claims, performing only API calls to the specified domain and reading a user-provided `portfolios.json` file without modification. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or prompt injection attempts designed to subvert the AI agent for harmful purposes. The `curl` command in `SKILL.md` is an instruction for the user to obtain an API key, not a hidden command for the agent to execute maliciously.
- External report
- View on VirusTotal