Grok Research

The skill is suspicious due to a critical vulnerability: the `SKILL.md` instructs the OpenClaw agent to execute `bun run grok-research.ts <query>` where `<query>` is the user's raw input. If the OpenClaw agent does not properly escape this argument before shell execution, it creates a direct path for shell injection, leading to Remote Code Execution (RCE) on the agent's host. Additionally, the `grok-research.ts` script forwards the user's query 'as-is' to the Grok API, which could allow prompt injection against the Grok model itself. While the script itself does not contain malicious code like data exfiltration or backdoors, the method of command execution exposes a significant vulnerability.