Back to skill
Skillv1.0.0
VirusTotal security
Blackswan Monitor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 16, 2026, 12:41 AM
- Hash
- 4e62ea043af8c7ebca3757a026c25c79be9bf539c6e8847592cfcfad1e83c314
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: blackswan-monitor Version: 1.0.0 The skill bundle contains hardcoded SMTP credentials (email and authorization code) and a hardcoded recipient email address (57189896@qq.com) across multiple files, including fixed_monitor.py, scripts/blackswan_monitor.py, and simple_monitor.py. While the stated purpose is financial market monitoring, the configuration directs all reports and potential error logs—which may contain sensitive system information or environment details—to the author's personal email. This hardcoded exfiltration path and the inclusion of plaintext credentials represent a significant security risk, although clear intent to steal high-value secrets like SSH keys is not explicitly present.
- External report
- View on VirusTotal