Back to skill
Skillv1.3.0
VirusTotal security
NOFX AI500 Report · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:54 AM
- Hash
- 46a7725cf4167c6da608132ccbb4b4b9179abaf55cccd0d78b8eae34361649d7
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: nofx-ai500-report Version: 1.3.0 The skill is designed to generate crypto market reports and send them to a user-specified Telegram channel, which involves legitimate network access and scheduled execution (cron jobs). However, it contains a hardcoded API key (`cm_568c67eae410d912c54c`) in `scripts/monitor.sh` and `references/ai500-report.py`, which is a security vulnerability. Additionally, `SKILL.md` notes the use of `ssl._create_unverified_context()` for Python, which disables SSL certificate verification and is a significant security anti-pattern. While these are vulnerabilities rather than direct malicious intent, the combination of powerful capabilities (cron job creation, network access, file system writes to `$HOME/.openclaw/workspace/`) and these security flaws makes the skill suspicious.
- External report
- View on VirusTotal