Back to skill
Skillv9.9.9
VirusTotal security
庄家异动探测器 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:12 AM
- Hash
- 11f0b5b190540861a3ddd2b328825e3dc09accfeef002c6b3f4548491959f1d4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: poly-hunter-one Version: 9.9.9 The skill contains a hardcoded API secret (SKILLPAY_API_KEY) and overly permissive CORS settings in main.py, which are significant security vulnerabilities. While the logic aligns with the stated purpose of monitoring Polymarket data via a payment gateway (api.skillpay.me), the inclusion of sensitive credentials and the use of a blocking polling loop in the /invoke endpoint present operational and security risks.
- External report
- View on VirusTotal