Skill v1.0.0
VirusTotal security
Beijing Tech Finance · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review May 1, 2026, 3:57 AM
- Hash: 689f00f209f39a7986826f5cf01a53627000fa0c27e22938fa9924ba21569aef
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: beijing-tech-finance; Version: 1.0.0. The `scripts/monitor_budget.py` file is vulnerable to path traversal. It directly uses `sys.argv[1]` as a file path to load a JSON budget file without sanitization. While the script only reads and parses the JSON content, a malicious prompt could instruct the AI agent to read arbitrary JSON files on the system (e.g., configuration files, credentials if formatted as JSON), leading to information disclosure. This is a vulnerability that allows an attack, classifying the skill as suspicious rather than benign or malicious.
