Back to skill
Skillv1.0.0
VirusTotal security
VBrokers Trading · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:19 AM
- Hash
- 352f9b5a8858f945920c703a08112513414f83ae036c06f11283430c43bfe23c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: vbrokers-trading Version: 1.0.0 The skill bundle provides automated trading capabilities for VBrokers via a local gateway, which is a high-risk activity. It contains security vulnerabilities in `scripts/vbrokers_client.py`, including a hardcoded AES key (`AES_KEY_B64`) and the use of the weak AES-ECB encryption mode for trading passwords. While these flaws pose a risk of credential compromise if the key is not a generic API requirement, there is no evidence of intentional malicious behavior, backdoors, or data exfiltration to external endpoints.
- External report
- View on VirusTotal