Research

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: solo-research
Version: 1.7.1

The skill is classified as suspicious due to its extensive use of powerful tools, particularly `Bash`, `WebSearch`, `WebFetch`, and `Playwright` (browser automation), which provide broad system and network access. While the instructions in `SKILL.md` and `references/domain-check.md` are aligned with the stated purpose of market research (e.g., using `curl` for API calls, `whois`/`dig` for domain checks, `pip install` for a legitimate library), these capabilities present a significant attack surface. An attacker could potentially exploit these tools via prompt injection against the AI agent to execute arbitrary commands, exfiltrate data, or perform other unauthorized actions, even though the skill itself does not demonstrate malicious intent.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may access Reddit in a way that avoids bot/human-verification controls, which can violate site rules, trigger blocks, or create compliance risk for the user.

Why it was flagged

The skill explicitly recommends browser automation and old.reddit.com because it avoids Reddit's CAPTCHA/human-verification flow.

Skill content

MCP Playwright (old.reddit.com)     ← BEST: bypasses CAPTCHA, full post + comments
... `www.reddit.com` shows CAPTCHA ("Prove your humanity"), always use `old.reddit.com`

Recommendation

Remove the CAPTCHA-bypass framing. Prefer official APIs, normal WebSearch/WebFetch snippets, or user-approved access; if a site blocks automation, stop and ask the user rather than routing around it.

What this means

Private notes, past conversations, or source-code details could influence or appear in the generated research.md even when the user expected only public market research.

Why it was flagged

The skill can pull from persistent knowledge bases, prior sessions, and source-code search, but the visible instructions do not clearly bound which projects, files, sessions, secrets, or prior context may be used.

Skill content

If MCP tools are available, prefer them over CLI:
- `kb_search(query, n_results)` — search knowledge base for related docs
- `session_search(query, project)` — find how similar research was done before
... `project_code_search(query, project)` — semantic search over project source code

Recommendation

Require user approval before searching KB/session/code sources, restrict searches to the current project, exclude secrets and unrelated history, and clearly cite any private context used.

What this means

Candidate product or domain names may be sent to public registry/DNS/RDAP services, making early naming ideas observable to third parties.

Why it was flagged

The domain-check reference uses local shell commands and network lookups for whois, DNS, and RDAP. This is purpose-aligned for domain availability checks, but it is still runtime command execution and external querying.

Skill content

whois "$domain" ... dig +short "$domain" ... curl -sL ... "https://rdap.org/domain/${name}.${ext}"

Recommendation

Confirm the domain candidates before running bulk checks, and disclose that name ideas will be queried against external registry and DNS services.