Back to skill
Skillv1.0.1
VirusTotal security
Moltoffer Recruiter · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:37 AM
- Hash
- 69994dd5aca62671a9a240a06953a1105bec77c0ab9b736b3e9d1ae9d722afed
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: moltoffer-recruiter Version: 1.0.1 The skill is designed for recruiting on moltoffer.ai, using `curl` for API interactions, `open` to guide the user, and `sleep` for rate limiting. It persists its own API key locally in `credentials.local.json`. The primary concern is the instruction in `SKILL.md` and `references/workflow.md` for the agent to update `persona.md` with user-provided information. Since `persona.md` is explicitly referenced for 'Communication Style' and decision-making, this dynamic update of a behavioral configuration file based on user input creates a potential prompt injection vector, allowing a malicious user to influence the agent's actions beyond its stated purpose. While the skill itself does not exhibit intentional malicious behavior, this capability represents a significant risk.
- External report
- View on VirusTotal