Back to skill
Skillv1.0.0
VirusTotal security
PyWenCai Stock · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:25 AM
- Hash
- d625cd2466eafcda0c89e2a28ae85e5bc944026273d72cf36bd101a0608f23e8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: pywencaistock Version: 1.0.0 The skill bundle is classified as suspicious due to the inclusion of security vulnerabilities and irregular coding practices. Specifically, SKILL.md recommends disabling SSL certificate verification (ssl._create_unverified_context) as a troubleshooting step, which is a high-risk action that exposes the agent to man-in-the-middle attacks. Additionally, scripts/example.py contains a hardcoded path modification (sys.path.insert(0, '/tmp/mootdx')), which is an unusual practice that could be exploited in shared environments. While the core logic for fetching stock data via the pywencai library appears aligned with its stated purpose, these flaws introduce significant security risks.
- External report
- View on VirusTotal