Back to skill
Skillv1.0.0
VirusTotal security
US Stock Financials · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 22, 2026, 12:46 PM
- Hash
- 111faf678a9ad209002f73769f9abb7d7b1a1ffae8e19ea7e18230f9811d2707
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: us-stock-financials Version: 1.0.0 The skill bundle provides legitimate financial data retrieval from SEC EDGAR but contains a security vulnerability in `scripts/sec_finance.py`, which implements a fallback mechanism that disables SSL certificate verification (`ssl.CERT_NONE`), exposing the agent to man-in-the-middle (MITM) attacks. Additionally, `SKILL.md` includes instructions to install dependencies using the `--break-system-packages` flag, which can compromise the integrity of the host's system-managed Python environment.
- External report
- View on VirusTotal