Back to skill
Skillv1.0.2
VirusTotal security
Vnstock Free Expert · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:25 AM
- Hash
- aec0a1a4d0f5b09684a7a25ad357b43644552a0141969b03cb4b6b972030034e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: vnstock-free-expert Version: 1.0.2 The skill is designed for legitimate financial analysis using the `vnstock` library. However, the `scripts/invoke_vnstock.py` script allows for highly dynamic invocation of arbitrary Python classes and methods with user-controlled arguments. While intended for broad `vnstock` feature coverage, this capability presents a significant Remote Code Execution (RCE) vulnerability if an AI agent were to be prompted to execute malicious class/method combinations and arguments via this script. There is no evidence of intentional malicious behavior within the skill's code or documentation, but the inherent risk of this dynamic execution makes it suspicious.
- External report
- View on VirusTotal