Back to skill
Skillv1.0.1
VirusTotal security
SuperThink · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 24, 2026, 5:46 AM
- Hash
- ab61b35cb3678a0f9a111b811d713b32f89e9da7bb19d1994c1433b743f3ef36
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: superthink Version: 1.0.1 The 'superthink' skill implements a highly autonomous, multi-stage research pipeline that operates unattended for 6–12 hours using system cron jobs for state persistence and stage transitions. While the logic in SKILL.md and the supporting scripts (batch-worker.py and md2docx.py) appears aligned with the stated purpose, the skill requires high-risk permissions, including sensitive environment variables (ANTHROPIC_API_KEY, TELEGRAM_BOT_TOKEN), broad filesystem access, and the ability to send data to user-configurable network endpoints (NOTIFY_WEBHOOK_URL). The 'Cron Poller Pattern' is particularly sophisticated and risky, as it involves the agent dynamically creating, updating, and deleting its own scheduled tasks, which could be repurposed for persistence or unauthorized execution if the underlying prompts are compromised.
- External report
- View on VirusTotal