Back to skill
Skillv1.0.0
VirusTotal security
Zouroboros Autoloop · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 13, 2026, 8:11 PM
- Hash
- d226122458ac4189ab3726ae380f82e74d60c6d14e5a91aed3e0edc9cf842546
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: zouroboros-autoloop Version: 1.0.0 The bundle implements an autonomous optimization loop that modifies local files and executes arbitrary shell commands (setup, run, and metric extraction) defined in a user-provided 'program.md' file. While this aligns with its stated purpose of 'autoresearch,' the core logic in 'src/autoloop.ts' and 'src/mcp-server.ts' relies on 'execSync' and 'spawn' to run potentially untrusted commands and uses an external LLM 'executor' to generate code changes. This architecture creates a significant risk of Remote Code Execution (RCE) if the configuration or the LLM output is compromised, though no explicit evidence of intentional malice (e.g., data exfiltration or backdoors) was found.
- External report
- View on VirusTotal