Back to skill
Skillv0.1.0
VirusTotal security
Deep Research · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:43 AM
- Hash
- f5323476603f4c0d8ac98892dcb55b785562e5ad605a754fc2d6378c871d3d86
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: deep-research-skill Version: 0.1.0 The skill is classified as suspicious due to its explicit allowance of `Bash` execution for both the main agent and dynamically generated child agents, as well as the dynamic generation of child prompts and scripts. While the `SKILL.md` includes strong defensive instructions (e.g., '必须等待用户确认' - must wait for user confirmation, '默认最小权限' - default minimum permissions, '对子进程做边界约束' - bound child processes), these capabilities introduce significant vulnerability risks (e.g., shell injection, prompt injection against child agents) if the agent's input or internal logic is compromised, potentially leading to Remote Code Execution (RCE). There is no direct evidence of malicious intent within the skill's instructions, but the inherent high-risk capabilities warrant a 'suspicious' classification.
- External report
- View on VirusTotal