Back to skill
Skillv2.3.0
VirusTotal security
Israeli Stock Analysis · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:53 AM
- Hash
- 519c6cd4e48e4a08a4220f38765030105ce09229f871161f487ffc7de807b95e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: il-stock-analysis Version: 2.3.0 The skill is classified as suspicious due to a critical shell injection vulnerability in `scripts/fetch_tase_data.sh`. The script directly interpolates user-provided input (`TICKER`) into a `curl` command without proper shell escaping, allowing for arbitrary command execution. While the `SKILL.md` instructions themselves are not explicitly malicious, they direct the AI agent to use this bundled script, creating a potential attack vector if the agent is susceptible to prompt injection. The Python script (`scripts/fetch_tase_data.py`) does not share this vulnerability.
- External report
- View on VirusTotal