Back to skill
Skillv1.0.0
VirusTotal security
vibetrading-ai-trading-code-generator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:53 AM
- Hash
- ce69506460811cbe41d3c9cfcb63486b8450315421e46ad9fc16b0eb303df070
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: vibetrading-code-gen Version: 1.0.0 The skill is classified as suspicious due to its core functionality involving dynamic code generation and execution, which inherently carries high risks. Specifically, `backtest_engine/historical_backtest.py` and `scripts/backtest_runner.py` use `importlib.util.spec_from_file_location` and `spec.loader.exec_module` to load and run generated strategies, while `scripts/code_validator.py` uses `subprocess.run` to execute Python commands for validation. These capabilities, though necessary for a code generator and backtester, represent significant Remote Code Execution (RCE) vulnerabilities if input (e.g., user prompts, generated code content) is not perfectly sanitized. While there is no clear evidence of intentional malicious behavior like data exfiltration to unauthorized endpoints or backdoor installation, the presence of these high-risk, exploitable capabilities warrants a 'suspicious' classification.
- External report
- View on VirusTotal