Back to skill
Skillv1.0.0
VirusTotal security
Data 912 Market Data · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:08 AM
- Hash
- f5281573aaa9e6fc0ead8da41320ee0f2fdf44faf05f159a1c8c210ff57e24aa
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: data912 Version: 1.0.0 The skill is classified as suspicious due to a potential shell injection vulnerability in the `SKILL.md` instructions. The agent is instructed to use `curl` commands with user-provided `{ticker}` values (e.g., `curl -s "https://data912.com/historical/stocks/{ticker}"`). If the OpenClaw agent runtime does not adequately sanitize or escape user input before executing these shell commands, a malicious user could inject arbitrary commands, leading to Remote Code Execution (RCE). While the skill explicitly forbids using the `/contact` endpoint and otherwise appears benign, this vulnerability represents a significant security risk.
- External report
- View on VirusTotal