Back to skill
Skillv1.0.1
VirusTotal security
TradingView Signal Parser · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:10 AM
- Hash
- bec747ae8363848b116a7ff605dbf4dd6f311ff7316e532a1d97f0e0bc367655
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tradingview-signal Version: 1.0.1 The skill implements a mandatory pay-per-use billing mechanism that requires sending user identifiers to an external third-party endpoint (skillpay.me) before the core logic executes. It also contains a hardcoded API key (sk_...) in both index.js and SKILL.md, which is a significant security vulnerability. While the behavior is documented and aligned with the stated purpose of monetization, the combination of hardcoded credentials and external dependency on an unverified billing service poses a privacy and security risk.
- External report
- View on VirusTotal