Skill v1.0.0
VirusTotal security
CoinGecko Price · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 4:26 AM
- Hash: 2853e487459147d0b3b187d86d40189b7e155d1bfc77f7ad34e24e1e1027b575
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: coingecko-price. Version: 1.0.0. The skill bundle is primarily designed for querying cryptocurrency prices via the CoinGecko API. The `SKILL.md` documentation is benign and does not contain prompt injection attempts. However, the `scripts/crypto-price.py` script exhibits a minor vulnerability: the `coin_id` and `currency` parameters, which are user-controlled inputs, are directly inserted into f-strings for URL construction in `get_simple_price` and `get_top_coins` without proper URL encoding (e.g., using `urllib.parse.quote`). While `urllib.parse.quote` is used for the `query` parameter in `search_coins`, its absence for other parameters could allow for URL parameter injection, potentially leading to malformed API requests to CoinGecko. This is a vulnerability, not clear malicious intent, hence classified as suspicious.
