Back to skill
Skillv1.0.0
VirusTotal security
content-stock · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 7, 2026, 8:26 AM
- Hash
- 58bb54bb2fea32cccb5ea2426eda6b5f77a8442d53bc444d356f85134147616f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: content-stock Version: 1.0.0 The skill transmits a sensitive credential (EASYALPHA_API_KEY) to a remote endpoint over unencrypted HTTP in content_stock.js, which is a significant security vulnerability. Additionally, the use of a placeholder or hardcoded IP address (http://[IP_ADDRESS]) instead of a verified domain for an API service is unusual and risky for a production skill.
- External report
- View on VirusTotal