Back to skill
Skillv1.0.0
VirusTotal security
持仓诊断分析 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 22, 2026, 10:41 AM
- Hash
- c8c7fd12b677ee0fb193b0455834bf14c2224e648e56624460c497bc80ab8ab9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: holdings-analysis Version: 1.0.0 The skill bundle is a stock analysis tool that exhibits several high-risk coding practices and environment-specific configurations. Specifically, `check_holdings_v4.py` uses `eval()` on data retrieved from a remote API and `exec()` to execute local script content, both of which are significant security vulnerabilities. Additionally, multiple files including `_holdings_std.py`, `analyze_holdings.py`, and `trend_scanner.py` contain hardcoded absolute paths to a specific Windows user profile (`C:\Users\Administrator`), which is highly irregular for a portable skill and suggests it was designed for a specific, potentially privileged environment. While the logic appears aligned with financial analysis, these vulnerabilities and the lack of path sanitization pose a risk to the host system.
- External report
- View on VirusTotal