Back to skill
Skillv1.0.3
VirusTotal security
cryptofolio · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:35 AM
- Hash
- 3dde350e0e62b9376eda1c22d9d26f1604b436395a733308fdbea5a98efab4cb
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cryptofolio Version: 1.0.3 The bundle is a crypto portfolio manager that includes a local web server (scripts/serve.mjs) for data visualization. This server contains a path traversal vulnerability because it joins the web root with the requested URL path without sanitization, potentially allowing unauthorized access to sensitive files on the host system. While the tool's core features—such as CLI-based asset tracking, AI-assisted data entry via Claude/OpenAI, and optional cloud synchronization via Cloudflare Workers—align with its stated purpose, the inclusion of an insecure file server is a significant security flaw.
- External report
- View on VirusTotal