Back to skill
Skillv1.0.0
VirusTotal security
Context Engineering (Koylan) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:46 AM
- Hash
- bb44cf6527dc3624341d3b91d4f005ca9184c180a4ff86517d88727193cc1886
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: levineam-context-engineering Version: 1.0.0 This skill is suspicious due to its design allowing for remote instruction execution and supply chain vulnerability. The `SKILL.md` explicitly instructs the AI agent to fetch sub-skill documentation (`SKILL.md` files) from a remote GitHub repository (`https://raw.githubusercontent.com/muratcankoylan/Agent-Skills-for-Context-Engineering/main/skills/<sub-skill>/SKILL.md`) and then to 'Follow the instructions in that file.' This creates a critical prompt injection vulnerability and supply chain risk, as a compromise of the upstream GitHub repository could lead to the agent executing arbitrary malicious instructions (e.g., data exfiltration, unauthorized actions) embedded in the remotely loaded Markdown files.
- External report
- View on VirusTotal