Back to skill
Skillv1.0.0
VirusTotal security
Omni Research · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:35 AM
- Hash
- 5503484c7a9455c977215f76fe61ff498e56601b5cf5ca50cc3332959a4b67a2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: omni-research Version: 1.0.0 The skill utilizes Chrome DevTools Protocol (CDP) to interact with the user's browser, which is a powerful capability that allows extensive control over browser tabs, including JavaScript execution (`eval_js` in `browser.py`). While the `eval_js` calls in this skill use hardcoded JavaScript and user queries are inserted via `Input.insertText` (safer), the inherent power of CDP and `eval_js` presents a significant vulnerability if not handled with extreme care or if the skill were to be modified. Additionally, the `research.py` script feeds extracted text from potentially untrusted websites into a synthesis LLM, creating a risk of indirect prompt injection or 'data poisoning' against the LLM, even though the synthesis prompt itself is designed for summarization. The `cliproxy_url` defaults to localhost, preventing direct external exfiltration by default, but the overall risk profile warrants a 'suspicious' classification due to these powerful and potentially exploitable capabilities.
- External report
- View on VirusTotal