Back to skill
Skillv1.0.0
VirusTotal security
Hk LeETF · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:00 AM
- Hash
- 05e3e46eff8a09221eb2c0cb1ea6bb366643c85f556258d59e89aad156b29121
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: hk-leetf Version: 1.0.0 The skill's stated purpose for financial analysis appears benign. However, the `SKILL.md` file contains instructions for the AI agent to access specific absolute paths on the host filesystem (`/Users/zst/clawd/HK_LEETF_README.md` and `/Users/zst/clawd/memory/hk_leETF/`). This demonstrates a prompt injection vulnerability, as an attacker could modify these instructions to direct the agent to read sensitive files or write to arbitrary locations on the system, assuming the agent has the necessary filesystem access. While the current paths do not show clear malicious intent, this capability is a significant security risk.
- External report
- View on VirusTotal