Back to skill
Skillv1.1.0
VirusTotal security
FireAnt Stock Price Checker · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:16 AM
- Hash
- 84283aaeaaacba56da031abec05e8b1348b8bff89a2071c3589037a36efc74e9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: fireant-stock Version: 1.1.0 The skill is classified as suspicious due to its use of `subprocess.run` in `scripts/check_stock.py` to execute an external binary (`agent-browser`) with user-controlled input (stock symbols). While the script uses a list of arguments for `subprocess.run`, which mitigates direct shell injection from the Python side, executing external binaries with user input always introduces a higher risk profile, as vulnerabilities could exist within the `agent-browser` tool itself or its argument parsing. Additionally, the `agent-browser` executable path is hardcoded (`/Users/loc/Library/pnpm/agent-browser`), which is a minor concern for portability and environment consistency, though not a direct security vulnerability. No clear evidence of intentional malicious behavior (e.g., data exfiltration, backdoors, prompt injection within SKILL.md) was found.
- External report
- View on VirusTotal