Back to skill
Skillv1.0.0
VirusTotal security
Portfolio Risk Sensemaker · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 15, 2026, 11:41 PM
- Hash
- 9f926925b279a7d3e3da4e3fb5cd2e97a9ec34b8a3f897e4d51112cf717945bd
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: portfolio-risk-sensemaker Version: 1.0.0 The handler.py file contains a hardcoded absolute path referencing a specific local user directory (/Users/jianghaidong/) and lacks input validation for the skill_name parameter, which introduces a path traversal vulnerability. While the current logic reads the file without exfiltrating its content, the use of absolute paths and unvalidated input are high-risk patterns that deviate from secure coding practices for portable skill bundles.
- External report
- View on VirusTotal