Back to skill
Skillv0.3.2
VirusTotal security
TradeMemory Protocol · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:58 AM
- Hash
- ab29df51c8746969ece8c36a757958a9feeb6161c931987f22b6739a75fc078a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tradememory Version: 0.3.2 The skill is classified as suspicious due to its explicit capability to send sensitive trade data to an arbitrary remote endpoint configured via the `TRADEMEMORY_API` environment variable, as documented in `SKILL.md`. While the documentation advises users to only use endpoints they control, this represents a significant data exfiltration risk if misconfigured or if a user is tricked into using a malicious endpoint. Additionally, the skill sends 'anonymized trade patterns' to the Claude API via `ANTHROPIC_API_KEY` for reflection, which, while a stated purpose, involves sending user data to a third-party service. The setup scripts (`install.sh`, `setup_mt5.sh`) perform standard installation and repository cloning, and handle MT5 credentials locally without evidence of direct exfiltration within the provided files.
- External report
- View on VirusTotal