Back to skill
Skillv1.0.0
VirusTotal security
Stock Market Analyzer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 19, 2026, 7:31 AM
- Hash
- 2043d770b58491ddee5002b8db419ba6663ebb3723cd7a35e0b351a6858a7118
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: stock-market-analyzer Version: 1.0.0 The script `scripts/stock_analyzer.py` contains a potential arbitrary file read vulnerability because several functions (e.g., `query_realtime_price`) accept a user-controlled `file_path` argument that is passed directly to `pandas.read_csv()` without validation. This could allow an attacker to exfiltrate sensitive system files if they can influence the function arguments via prompt injection. Additionally, the code relies on an external module `kimi_finance` that is not declared in the `requirements.txt` file, which is a discrepancy in the bundle's dependency management.
- External report
- View on VirusTotal