Skill v1.1.0
VirusTotal security
Charts · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review: May 1, 2026, 4:19 AM
- Hash: bface66e3a41c55a9bead08af19c468bc5a377ee6fbd9f44077c39cc738ceee8
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: charts; Version: 1.1.0. The skill's `SKILL.md` contains Python code executed via `python3 -c` that includes a placeholder `coin_id = 'COIN_ID'`. This design introduces a critical Python code injection vulnerability. If an AI agent directly substitutes unsanitized user input into this `coin_id` variable, it could lead to arbitrary code execution (RCE) on the host system. While the skill's stated purpose is benign (generating charts) and there's no evidence of intentional malicious exploitation by the skill itself, this significant input sanitization flaw makes it suspicious.
