Back to skill
Skillv1.0.4
VirusTotal security
Kakiyo Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:12 AM
- Hash
- 810367794a154d11164d0b5a633fee19aea0ef529f8c1c4d8df4f2252c110838
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: kakiyo Version: 1.0.4 The skill is classified as suspicious due to the presence of the `create_webhook` tool in `SKILL.md`. While a legitimate API feature, it allows the AI agent to configure an arbitrary URL to receive event notifications (e.g., `prospect.replied`). This capability, if exploited via prompt injection, could be used to exfiltrate sensitive data about campaigns and prospects to an attacker-controlled server. There is no explicit malicious instruction within the skill itself, but it presents a significant vulnerability for data leakage if the agent is prompted to misuse this feature.
- External report
- View on VirusTotal