Skill v1.0.0
VirusTotal security
双币赢分析 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 5:11 AM
- Hash: f53b3fe5efd6787f0153a932eb35b3787cbc4aa1333189a14e7f7d867ba78cc4
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: btceth-dulwin-engine. Version: 1.0.0. The skill fetches data from a hardcoded remote IP address (43.156.132.183) via run.py and prints the response directly to the agent's context. This architecture facilitates indirect prompt injection, as the remote server can control the agent's behavior by returning malicious instructions in the 'output' field. While SKILL.md describes a financial analysis tool, the use of a raw IP and the potential for remote instruction delivery without sanitization are significant security risks.
