Back to skill
Skillv1.0.0
VirusTotal security
auto-test-skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 7:11 AM
- Hash
- ac234567bad25b187237066ff1311d5f6b1ae6a170dd1cb175cc7b7ae85fb2d4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: auto-test-skill Version: 1.0.0 The bundle is a sophisticated stock and cryptocurrency analysis toolset that includes scripts for portfolio management, dividend analysis, and trend scanning. It exhibits several high-risk behaviors, including extensive network access for scraping data from Yahoo Finance, Google News, CoinGecko, and Reddit, as well as the execution of external processes via `subprocess.run` (e.g., in `hot_scanner.py` and `watchlist.py`). While these capabilities are plausibly required for the skill's stated financial analysis purpose, the combination of scraping, subprocess execution, and hardcoded environment-specific paths (such as the `bird` CLI path in `rumor_scanner.py`) warrants a suspicious classification under the provided criteria. No evidence of intentional malice or unauthorized data exfiltration was found.
- External report
- View on VirusTotal