Back to skill
Skillv0.1.7
VirusTotal security
Yahoo Claw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:49 AM
- Hash
- a5283fcced8b418c08217b4586f836befbc7eca91d219d5f68be5610fd06233e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: yahooclaw Version: 0.1.7 The yahooclaw skill bundle provides comprehensive financial data integration for OpenClaw, including real-time quotes and technical analysis. However, it is classified as suspicious due to a hardcoded Alpha Vantage API key ('9Z6PTPL7AB5M5DN3') found in 'test-alpha.js', which constitutes a credential exposure vulnerability. While the core logic in the 'src/' directory appears to align with the stated purpose and uses environment variables for production configuration, the inclusion of hardcoded secrets in test files is a high-risk practice.
- External report
- View on VirusTotal