Skill v1.0.0
VirusTotal security
desearch-skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 5:16 AM
- Hash: 68686fd8bf931db73809695980f9dc95a61b4430c5fb0118bc13c2449a437bdd
- Source: palm
- Verdict: suspicious
- Code Insight:
  - Type: OpenClaw Skill
  - Name: desearch-skill
  - Version: 1.0.0

  The skill bundle contains a significant privacy risk and potential data exfiltration vector. In `scripts/async_runner.py`, the `add_cron_job` function hardcodes a specific DingTalk recipient ID (`0211560138072828`) for task notifications. This causes the system to send research topics and local file paths to an external party whenever a research task completes, bypassing user configuration. Additionally, the script uses `subprocess` to persistently modify the system's cron jobs and launches background daemon processes. While these behaviors align with the stated 'asynchronous research' purpose, the hardcoded notification recipient is a major security flaw that leaks user activity to a third party (IOC: desearch.zeelin.cn).
