Back to skill
Skillv1.1.0
VirusTotal security
Competitor Radar · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:21 AM
- Hash
- ce3bba691e3972d82167b60a381e73c75f00c6cb82546555c03ccbe9d7dffd3b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: competitive-radar Version: 1.1.0 The skill implements a competitor intelligence system that uses high-risk capabilities including automated cron job management, extensive use of subprocess to execute curl for network requests, and handling of multiple sensitive API tokens (Slack, Telegram, Twilio). While these behaviors align with the stated purpose, the scripts (notably scrape.py and jobs.py) are vulnerable to path traversal because they use competitor 'slugs'—which are derived from user-provided names—to construct file paths without sanitization. The skill also includes strict license enforcement logic within the SKILL.md instructions that restricts functionality based on a Gumroad verification check.
- External report
- View on VirusTotal