Back to skill
Skillv2.0.0
VirusTotal security
A Stock Trading Assistant · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 15, 2026, 7:46 AM
- Hash
- efb669f60488ee2d43ac6c909439c8da1284c08e10cd5c07129637f54d9b00b6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: alvis-a-stock-trading-assistant Version: 2.0.0 The skill instructions direct the AI agent to execute a local Python script (fetch_stock.py) using user-provided input as command-line arguments (e.g., --code <代码>), which poses a significant shell injection vulnerability. Furthermore, the core execution logic and data-fetching routines are contained in external files (scripts/fetch_stock.py and references/data-sources.md) that were not provided, making it impossible to verify if the network activity or file-writing operations (to watchlist.md) are strictly benign.
- External report
- View on VirusTotal