Back to skill
Skillv1.0.4
VirusTotal security
虾皮红利类指数投资分析 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 12, 2026, 9:26 AM
- Hash
- d89ba7bc61a1350c9652f3fe404617a0d41377af496760ec7b4333b0c0578ce8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: xiapi-dividend-analysis Version: 1.0.4 The skill utilizes `npx daxiapi-cli@latest` to execute a third-party CLI tool and manage API tokens via shell commands in `SKILL.md`. This pattern introduces significant supply chain risks by executing unpinned remote code and creates a potential shell injection vulnerability if the index code parameter (`-c <code>`) is not strictly sanitized by the agent. While the instructions are functionally aligned with financial analysis of dividend indices, the reliance on external execution and shell-based secret handling is inherently risky.
- External report
- View on VirusTotal