Skill v1.0.0
VirusTotal security
Find Arbitrage Opps · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review · May 1, 2026, 4:49 AM
- Hash: a2085a45c5c59bb4d2b687b514dc7bedbd0a958c85adcd760821704738391c15
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: find-arbitrage-opps. Version: 1.0.0. The skill is classified as suspicious primarily due to the `curl | bash` pattern found in the `SKILL.md` file under the 'Prerequisites' section. This command (`bash <(curl -s https://raw.githubusercontent.com/hummingbot/skills/main/skills/lp-agent/scripts/check_prerequisites.sh)`) executes arbitrary code fetched from a remote URL, posing a significant supply chain risk and potential for Remote Code Execution (RCE) if the remote script is compromised. While the Python script `scripts/find_arb_opps.py` itself appears to perform its stated function of finding arbitrage opportunities by interacting with a local Hummingbot API and does not show signs of intentional malice or data exfiltration, the `curl | bash` instruction is a critical vulnerability.
