Back to skill
Skillv1.0.0
VirusTotal security
Crypto Kline BTC加密货币K线数据-Binance · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:11 AM
- Hash
- a46b76fb8f0de4060cad9c9eefe6ad61a2fcdf9c2782bcc965c6dc5253cb60f5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: crypto-kline-bn Version: 1.0.0 The skill bundle contains a SQL injection vulnerability in `scripts/crypto-kline.py`, where table names are constructed using f-strings from user-supplied arguments (`--symbol` and `--interval`) without sanitization. Additionally, both `SKILL.md` and `scripts/crypto-kline.py` include a hardcoded local network proxy (http://192.168.10.188:7897), which is atypical for a general-purpose tool and could lead to connection failures or unexpected routing in different environments. While the code's logic is consistent with its stated purpose of fetching Binance K-line data, these implementation flaws pose a security risk.
- External report
- View on VirusTotal