Back to skill
Skillv1.0.2
VirusTotal security
Heleni Best Practices · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 2, 2026, 9:17 PM
- Hash
- 31d5e28d5498bf17cc2b3c9cc0b7456bb4342f5b45e6ab1f61a86dc4b1d984a1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: heleni-best-practices Version: 1.0.2 The heleni-best-practices skill (SKILL.md) automates the fetching of remote content from netanel-abergel.github.io and instructs the agent to apply 'lessons' from that content to its own core configuration files (SOUL.md, HOT.md, and AGENTS.md). This architecture creates a significant vulnerability to indirect prompt injection, where a compromise of the external website could allow an attacker to redefine the agent's core personality and rules. While the instructions include safeguards requiring owner approval for sensitive modifications, the pattern of automated self-modification based on untrusted remote data is inherently high-risk.
- External report
- View on VirusTotal