Skill v1.2.0

VirusTotal security

Wyckoff Screen · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review · Mar 27, 2026, 2:41 AM
Hash: baf05fee8d3e3453a76bdaf4fdef776ed6069788a7bd04ddf328450cc7998de8
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: wyckoff-screen
Version: 1.2.0

The skill bundle contains a hardcoded Tushare API token and a hardcoded proxy IP address (http://140.143.209.128:5000) in 'scripts/ts_data.py'. While the core logic in 'scripts/wyckoff_engine.py' and 'scripts/screen.py' appears to be a legitimate stock screening tool based on Wyckoff theory, the exposure of credentials and the redirection of financial data requests to an unofficial endpoint represent significant security risks and potential data interception points. No explicit evidence of intentional exfiltration of local sensitive files was found, but the hardcoded infrastructure is highly irregular.