Back to skill
Skillv1.3.0
VirusTotal security
Trading Signals Ws · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:09 AM
- Hash
- 0ed6dc894b7c451cdd7fb188875ccd42f56b45b052aa77f88c046e265f42c528
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: trading-signals-ws Version: 1.3.0 The skill is classified as suspicious due to the inclusion of systemd deployment instructions in `SKILL.md` that establish persistence and suggest execution with elevated privileges (e.g., `WorkingDirectory=/root/signals`). While intended for legitimate deployment, this capability could be leveraged for malicious purposes if the agent or the script were compromised. Additionally, `SKILL.md` includes instructions for external network calls to `api.tinyore.com` for an optional service, and `scripts/signal_bot.py` uses `parse_mode='HTML'` for Telegram messages, which, while not directly exploitable here, is a general vulnerability pattern if message content were to become user-controlled.
- External report
- View on VirusTotal