Back to skill
Skillv1.0.0
VirusTotal security
Financial Fraud Analyzer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 7:36 AM
- Hash
- 6d8819ca9509c2265e8806a70afae2a564043cd5e4200482384432357f05ef1a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: financial-fraud-analyzer Version: 1.0.0 The skill bundle is a highly sophisticated financial analysis tool, but it contains several significant security vulnerabilities. Most notably, it includes hardcoded API credentials in 'core/data/sources/tushare_hk_source.py' (Tushare token) and 'config.json' (Alpha Vantage key). Additionally, 'scripts/trend_analysis_system.py' contains logic using unsafe 'eval()' calls to process industry-specific rules, which presents a risk of arbitrary code execution if the rule definitions are sourced from untrusted data. While these appear to be poor security practices rather than intentional malice, they constitute a high-risk surface for the agent environment.
- External report
- View on VirusTotal