Back to skill
Skillv1.0.1
VirusTotal security
Crypto Daily Dashboard · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:36 AM
- Hash
- d18e8c72e00b843cf143d08c72d4ba60e242c54b7399d8c994a8f2a865a026a8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: crypto-daily-dashboard Version: 1.0.1 The `dashboard.js` file contains a critical remote code execution (RCE) vulnerability. The `getEconomicStatus` function uses `child_process.execSync` to execute a Python script whose path is directly taken from the `ECONOMIC_TRACKER_PATH` environment variable (`process.env.ECONOMIC_TRACKER_PATH`). This allows an attacker to inject arbitrary shell commands by manipulating this environment variable, leading to command injection. While this is a severe vulnerability, there is no clear evidence of intentional malicious behavior or self-exploitation within the provided files; it appears to be a design flaw rather than malware.
- External report
- View on VirusTotal