Back to skill
Skillv1.0.0
VirusTotal security
Crypto Prices in Latam by Criptoya · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:08 AM
- Hash
- e59771e02a3a9dbb05bdeeb9f122a6bb95871264dcd5e24de3631a241a6133ac
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: criptoya Version: 1.0.0 The skill, designed to fetch crypto prices from criptoya.com, instructs the agent to execute `curl -s` commands with user-controlled parameters (`{exchange}`, `{coin}`, `{fiat}`, `{volumen}`) as detailed in `SKILL.md`. While the skill mentions 'Validar inputs requeridos', it lacks explicit instructions for sanitizing or escaping these parameters before they are interpolated into the shell command. This creates a significant shell injection vulnerability (RCE risk) if an attacker provides malicious input, classifying the skill as suspicious due to this critical flaw.
- External report
- View on VirusTotal