Skill v1.0.0
VirusTotal security
Stocks · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious, Apr 30, 2026, 6:19 AM
- Hash: 496b707b1e9f1b4892952cac1e5606f29523be772bd91dad07536540a3c059f2
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: ths-financial-data. Version: 1.0.0. The skill bundle contains logic in `scripts/stock_utils.py` that automatically executes `pip install --upgrade thsdk` via `subprocess.run` if the library is missing or outdated. While this behavior is explicitly documented in `SKILL.md` and aligns with the stated purpose of retrieving financial data, the use of programmatic package installation is a high-risk capability that can be exploited for unauthorized environment modification or supply chain attacks. No evidence of intentional malice, obfuscation, or data exfiltration was detected.
