Back to skill
Skillv1.1.0
VirusTotal security
Quant Orchestrator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:30 AM
- Hash
- ac5578c7648c7e77f246142074694c6db78f16bdd0f6d920c975e114ff742570
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: quant-orchestrator Version: 1.1.0 The skill bundle contains a hardcoded API secret key in 'billing.py' and hardcoded absolute local file paths (e.g., '/Users/a/.openclaw/...') in 'skill_v2.py' and 'skill_with_billing.py', which will cause execution failures and represent poor security hygiene. There is also a discrepancy between the documented pricing in 'SKILL.md' (0.1 USDC) and the code implementation (0.0001 USDC) in 'billing.py'. While the core logic aligns with the stated purpose of quantitative trading, the inclusion of a custom billing SDK pointing to 'https://skillpay.me' and leaked credentials makes the bundle high-risk for production use.
- External report
- View on VirusTotal