Back to skill
Skillv1.0.0
VirusTotal security
Stock Prediction · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 6:37 AM
- Hash
- d8510a541afe63f8088fd4316c8e34a07e425369989b2623a7ea3705f3c49d2c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: stock-prediction Version: 1.0.0 The skill bundle is classified as suspicious primarily due to the high risk of command injection in scripts/run_prediction.py and scripts/health_check.py, which use subprocess.run and subprocess.Popen to execute PowerShell commands constructed via string formatting with user-influenced variables. Additionally, the skill relies on hardcoded absolute paths to the 'Administrator' desktop (C:\Users\Administrator\Desktop\kronos), which is a poor security practice and suggests a highly privileged or specific environment requirement. While the logic appears consistent with its stated purpose of stock prediction, the lack of input sanitization and the use of shell execution make it vulnerable to exploitation.
- External report
- View on VirusTotal