Research

The skill is classified as suspicious due to several risky practices and potential vulnerabilities, despite lacking clear evidence of malicious intent. Key indicators include the `SETUP.md` file using `curl -LsSf ... | sh` for installing `uv`, which introduces a supply chain risk, and the use of `export $(cat ... | xargs)` for loading API keys, which can be vulnerable if the `.env` file is untrusted. Most critically, the `OPENCLAW.md` file instructs the agent to schedule cron jobs with a `message` payload that contains direct command execution instructions (e.g., `Run: parallel-research result <run_id>`). While intended for legitimate functionality, this represents a prompt injection vulnerability that could lead to remote code execution if the `<run_id>` or other parts of the message were controllable by an attacker.