Back to skill
Skillv4.5.0
VirusTotal security
Cfc Disclosure Monitor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 17, 2026, 11:41 AM
- Hash
- 106a0d24703e37a549628ed5bb7a5fa0279dcfc1e4cd71696dceb23fb6368a1f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cfc-disclosure-monitor Version: 4.5.0 The skill bundle is a comprehensive pipeline for scraping and analyzing financial disclosure data. It is classified as suspicious due to the presence of hardcoded API keys for MiniMax and GLM services in 'clean_and_eval.py' and 'parser.py', which constitutes a significant credential leak. Additionally, the use of 'subprocess.run' to execute external binaries like 'pdftotext' and 'pdftoppm' in 'phase1_base.py' and 'vlm_ocr.py' presents a potential command injection risk, although the behavior appears consistent with the stated purpose of the tool rather than intentional malice.
- External report
- View on VirusTotal