Back to skill
Skillv1.1.0
VirusTotal security
Prediction Stack Orchestrator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:55 AM
- Hash
- 65f4bdb8a843dc5ed70a31904406c1f1e1a7515f9211912005a2ba0e16d43aae
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: prediction-stack-orchestrator Version: 1.1.0 The bundle implements a complex trading orchestrator for Kalshi markets. The primary concern is the 'monitor/server.py' script, which acts as a local web server that exposes sensitive system information, including active process lists (via 'ps aux'), recent logs, and financial configuration files (Kelly criterion parameters and ensemble weights) over an unauthenticated HTTP API bound to all interfaces (0.0.0.0:3333). While these features align with the stated goal of providing a dashboard, the lack of authentication and the use of 'Access-Control-Allow-Origin: *' create a significant information disclosure risk and a broad attack surface on the host machine.
- External report
- View on VirusTotal