Back to skill
Skillv1.0.0
VirusTotal security
trading212 Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:01 AM
- Hash
- fd67a777b0cc90ea09c3faa7e69754984fab00e61a96d830d6ed728f813e8ece
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: trading212-v2 Version: 1.0.0 The skill is classified as suspicious due to vulnerabilities related to arbitrary file path manipulation via environment variables. Specifically, `scripts/proposal_rules.py` and `scripts/snapshot.py` allow overriding the default configuration and snapshot directories using `TRADING212_RULES_PATH` and `TRADING212_SNAPSHOT_DIR` environment variables, respectively. An attacker capable of controlling these environment variables could potentially inject malicious rules or exfiltrate/overwrite data by directing the skill to arbitrary file paths. While the `SKILL.md` contains strong safety instructions for the AI agent, particularly regarding trade execution and the demo/live environment, these file path vulnerabilities present a risk of unintended behavior if exploited.
- External report
- View on VirusTotal