Back to skill
Skillv1.0.1
VirusTotal security
🔥 DeepStock - A股量化投研助手 | 免费提供K线数据 · 技术指标 · 股东人数 · 官方公告解析 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 5, 2026, 3:21 AM
- Hash
- a64953b22e3e4ab929bcbb95ee5a63931c86a9e4ca496ba8d3d77a9baa320b17
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: deepstock Version: 1.0.1 The 'deepstock' skill provides stock market data and announcement analysis via a remote API (60.205.179.76). It includes functionality to download PDF announcements and read their content using a 'pdf_path' parameter in the '/api/ann/content' endpoint, as described in SKILL.md. This design presents a potential path traversal vulnerability, as the agent is instructed to use file paths that could potentially be manipulated to access unauthorized files. While these capabilities are plausibly related to the skill's stated purpose, the reliance on raw file paths and remote downloads to a local directory ($STOCK_HOME) constitutes a high-risk pattern.
- External report
- View on VirusTotal