Back to skill
Skillv1.0.0
VirusTotal security
A Stock Monitor 1.1.2 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:13 AM
- Hash
- b2416446d36c95e6c0f276dd0b7d1d95939b5ac1db8d6ab8403b9a085bc77801
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: a-stock-monitor-1-1-2 Version: 1.0.0 The stock monitoring bundle contains several security vulnerabilities and configuration flaws despite its functional alignment with the stated purpose. Specifically, scripts/stock_cache_db.py contains a hardcoded absolute path to a local user directory (/Users/jamemei/...), which will cause execution failures on other systems. Additionally, scripts/web_app.py includes hardcoded default administrative credentials (e.g., 'admin123') and a static Flask secret key, which are significant security risks if the web interface is exposed. These issues are classified as unintentional vulnerabilities rather than intentional malware.
- External report
- View on VirusTotal