Back to skill
Skillv1.0.3
VirusTotal security
DeepThinking Framework · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:06 AM
- Hash
- def36c5dbdfb05d6f0a5672791c4f5303ff6c859b271e5dbce368d1c59548be5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: deepthinking Version: 1.0.3 The skill implements a highly complex 'self-evolving' framework that uses local Python scripts to manage state and memory. While the stated intent is a cognitive thinking tool, it exhibits high-risk behaviors: it uses `subprocess.run` to execute shell commands (including `grep` with potentially unsanitized user input in `memory.py`, posing a shell injection risk) and includes an 'evolution' engine in `evolve.py` that allows the agent to propose and apply its own logic/prompt updates via a nightly cron job. Although safety checks are present to prevent destructive modifications, the combination of self-modifying behavior, shell execution, and persistent background tasks (cron) represents a significant attack surface.
- External report
- View on VirusTotal