Back to skill
Skillv1.1.0
VirusTotal security
Technical Indicators · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:21 AM
- Hash
- 6d2b3adb9c05b61c764d9a04039c73915e977984aa3622000ea86d52823b561e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: technical-indicators Version: 1.1.0 The skill bundle provides a comprehensive suite of tools for financial technical analysis, market sentiment scoring, and price prediction using LSTM models. However, it is classified as suspicious due to a critical security vulnerability in `ml_predictor.py`, which uses `pickle.load` to deserialize scaler data. This is a well-known insecure deserialization flaw that can lead to Remote Code Execution (RCE) if a malicious file is loaded. Additionally, `alert_system.py` implements a webhook-based notification system (`FeishuPusher`) which, while functional for its stated purpose, could be leveraged for data exfiltration if the agent is manipulated via prompt injection.
- External report
- View on VirusTotal