Back to skill
Skillv1.0.3
VirusTotal security
Trend Scope Report · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 7, 2026, 2:56 AM
- Hash
- 59ffc70447bf1a033f1b8e47d491eb59a01156401c06d68cdca1cc3782d897d3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: trend-scope-report Version: 1.0.3 The TrendScope skill generates sentiment analysis reports by communicating with a hardcoded remote IP address (221.6.15.90) over unencrypted HTTP and writing files directly to the user's '~/Desktop' directory. While these capabilities are aligned with the stated purpose of the skill, the use of hardcoded network endpoints, unencrypted transmission of API keys, and direct filesystem manipulation in high-privilege paths are high-risk behaviors. Additionally, the instructions in 'skill.md' for the AI agent to execute shell commands via 'report_cli.py' present a potential shell injection vulnerability if the agent fails to sanitize user-provided query strings.
- External report
- View on VirusTotal