Back to skill
Skillv1.0.0
VirusTotal security
A股持仓监控助手 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:36 AM
- Hash
- 7236e7f8826be040389075f0da528c0fcc5c1971c5b79ebfc76adb5799f806e3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: a-stock-portfolio-monitor Version: 1.0.0 The skill bundle contains a significant shell injection vulnerability in 'scripts/run_monitor.py', where unsanitized user input from the 'code', 'cost', and 'qty' fields is passed directly into 'os.system()' calls. Additionally, 'scripts/portfolio.py' depends on a missing local module named 'analyze.py', which renders the primary analysis functionality broken. While these issues represent poor security practices and incomplete code, there is no explicit evidence of intentional malice, data exfiltration, or hidden backdoors.
- External report
- View on VirusTotal