Back to skill
Skillv1.0.0
VirusTotal security
LaunchFast Full Research Loop · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:31 AM
- Hash
- fe31aedad55de965b2aafb9c3f0240a80067665c144b7580ce4679f4f576c78a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: launchfast-full-research-loop Version: 1.0.0 The skill instructs the agent to save a generated HTML report to a user-specified path (SKILL.md, STEP 1, PHASE 5). This creates a potential arbitrary file write vulnerability if the agent's underlying file system operations do not sanitize the provided path. Additionally, the skill instructs the agent to populate an HTML template with data from external MCP calls (SKILL.md, PHASE 5). Without explicit sanitization of this data before insertion into the HTML, there is a risk of stored Cross-Site Scripting (XSS) if the external data contains malicious HTML/JavaScript. While these are significant vulnerabilities, the skill itself does not contain explicit instructions for malicious actions like data exfiltration or remote code execution, classifying it as suspicious rather than malicious.
- External report
- View on VirusTotal