Back to skill
Skillv1.0.0
VirusTotal security
Tradebot Ops · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:54 AM
- Hash
- a02271b4cbde92a00351c3dcefd2c8b3bf41ef4d31b7eff13c50af2ab4a4e2dc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tradebot-ops Version: 1.0.0 The `SKILL.md` file instructs the AI agent to perform operational tasks, including stopping and restarting a trading bot process. Specifically, the instruction "stop bot PID (runtime or heartbeat pid) → apply+restart" implies the agent will execute system commands to manage processes. If the PID is sourced from input files like `dist/out/live_heartbeat_*.json` without robust sanitization, this creates a potential shell injection vulnerability, allowing an attacker who can modify these files to execute arbitrary commands. While the stated purpose is benign (bot operation), this capability introduces a significant security risk due to potential command injection, classifying it as suspicious.
- External report
- View on VirusTotal