EODHD CLI
Security checks across malware telemetry and agentic risk
Overview
The skill is not malicious, but it advertises a runnable EODHD CLI that is missing from the package.
Review before installing or publishing. The package should either include the missing scripts/eodhd file or change its metadata to describe an instruction-only planning skill. If later used with a real EODHD token, inject it through OpenClaw secrets and approve raw API calls deliberately because they may consume account quota.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.