Back to skill
Skillv1.0.0
VirusTotal security
Mysteel_MarketAnalysis · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousMar 24, 2026, 11:41 AM
- Hash
- 9e46ba47437fdd8fba13aae06aab1e88d91ac1c16ed0922f7ccaff51bbdcab17
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: mysteel-marketanalysis Version: 1.0.0 The skill provides commodity market analysis by calling a remote API (mcp.mysteel.com). It uses the 'exec' tool to run a local Python script (scripts/analyze.py) which reads an API key from a local file (references/api_key.md). While the behavior aligns with the stated purpose, the instruction in SKILL.md to execute a shell command with user-controlled input ('--query "<query>"') presents a potential shell injection vulnerability. No evidence of intentional malice or data exfiltration was found.
- External report
- View on VirusTotal