Back to skill
Skillv1.0.0
VirusTotal security
Fanta Autoresearch · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousMar 24, 2026, 2:51 AM
- Hash
- 59c79492795206caffc6edd3f9ab836ce4916c8a757201f2a772103472f160ec
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: fanta-autoresearch Version: 1.0.0 The skill bundle provides a framework for autonomous optimization loops but contains a shell injection vulnerability in 'scripts/autoresearch-loop.py' via the use of 'subprocess.run(shell=True)' on unsanitized command strings. Additionally, 'SKILL.md' encourages the agent to employ high-risk capabilities such as spawning subagents ('sessions_spawn') and running background processes ('exec') to achieve its goals. While these features are aligned with the stated purpose of 'autoresearch', the combination of autonomous execution and lack of input validation poses a significant security risk.
- External report
- View on VirusTotal