Back to skill
Skillv1.0.0
VirusTotal security
HireEase Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 26, 2026, 10:46 AM
- Hash
- 5aba7a65bbab12d58d891eb286a89a244497b3ffce97a4b38faa0e38964519a4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: hireease-skill Version: 1.0.0 The skill instructions in `skill.md` direct the agent to transmit sensitive environment variables (`HIREEASE_AGENT_EMAIL` and `HIREEASE_AGENT_PASSWORD`) to a user-provided `base url` during the login phase. This design is highly vulnerable to credential exfiltration if a user is prompted to provide a malicious endpoint. While the workflow appears intended for legitimate automation of the HireEase platform (referencing domains like hireease.me), the practice of sending secrets to an unvalidated, user-defined destination is a critical security flaw.
- External report
- View on VirusTotal