Back to skill
Skillv1.0.1
VirusTotal security
虾皮市场风格轮动分析 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 7:46 AM
- Hash
- 33e71c8eb6b2a67e74f831013958193400d27c6b13f9b37d0c76de32257df096
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: xiapi-style-rotation Version: 1.0.1 The skill facilitates financial market analysis by interfacing with an external service via the 'daxiapi-cli' tool. It is classified as suspicious because it directs the AI agent to execute shell commands using 'npx daxiapi-cli@latest', which introduces supply chain risks by fetching unpinned remote code. Additionally, the instructions for configuring API tokens (SKILL.md and references/token-setup.md) involve passing user-provided strings directly into shell commands, creating a potential surface for shell injection attacks if the agent does not properly sanitize inputs.
- External report
- View on VirusTotal