Back to skill
Skillv1.0.7
VirusTotal security
stock trading agents · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:05 AM
- Hash
- 1663cd856e06321f3364c21113080d84396225c94ff4f689cc24619cf466f1a0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: trading-agents Version: 1.0.7 The `trading-agents` skill bundle is classified as suspicious due to the presence of high-risk capabilities, specifically runtime shell execution and extensive network access. In `scripts/stock_advisor.py`, the system uses `subprocess.check_call` to execute `pip install fpdf2` if the library is missing, which constitutes an auto-installation of remote code at runtime. Additionally, the bundle performs extensive network operations, including fetching financial data from Tushare and AKShare APIs and sending diagnostic results to external DingTalk webhooks in `scripts/batch_diagnose.py`. While these behaviors are aligned with the stated purpose of a multi-agent stock analysis system, the use of shell commands for package management and outbound network calls to user-defined endpoints warrants a cautious classification under the provided security guidelines.
- External report
- View on VirusTotal