Skill v1.0.0

VirusTotal security

dabai/finance-news-brief · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious (Apr 29, 2026, 6:00 AM)
Hash: 3aaa6487c936d8ebe2e371c5cfc10c1bc6cab1ee57b399b14ce0470e4b543f69
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: finance-news-brief
Version: 1.0.0

The skill exhibits high-risk behaviors including dynamic Python package installation (pip install) and the execution of a headless browser (Chrome/Chromium) with the '--no-sandbox' flag in 'scripts/generate_pdf.py'. It also launches a local HTTP server and uses a custom WebSocket implementation to communicate with the browser's DevTools Protocol for PDF generation. While these actions support the stated goal of generating financial reports, the lack of input sanitization for web-searched content before rendering it in a browser creates a vulnerability for XSS-based attacks, such as local file disclosure or SSRF.