Skill v1.0.0
VirusTotal security
HK-101 Living RAG · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 28, 2026, 8:26 AM
- Hash: 3befeb80032f905873c819b36e599413c0fb7a17678b280a2d48ef0417aa2c99
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: hk101-living-rag; Version: 1.0.0. The `SKILL.md` defines a `docsPath` input parameter for a RAG skill, which, if not properly sanitized by the underlying implementation (not provided), could allow an attacker to specify arbitrary file paths (e.g., `/etc/passwd`, `../../sensitive_data`) leading to arbitrary file read or path traversal vulnerabilities. While file access is inherent to a RAG skill over local documents, the broadness of this input without explicit safeguards makes the skill design suspicious due to potential exploitation, rather than benign. There is no evidence of intentional malicious prompt injection or code in the provided files.
