Back to skill
Skillv1.0.3
VirusTotal security
Huo15 Autoresearch Loop · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 24, 2026, 4:21 AM
- Hash
- 683203702d982ea9eb6b58c5754fd659a3a5f4197d8918745eb8fc6e6349988c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: huo15-autoresearch-loop Version: 1.0.3 The skill implements an autonomous 'Modify-Verify-Repeat' loop that is inherently high-risk due to its ability to execute arbitrary commands and modify the local filesystem. Significant security vulnerabilities exist in `scripts/loop.sh` (via `eval "$CLAUDE_TASK"`) and `scripts/verify.sh` (via `bash -c "$verify_cmd"`), which allow for arbitrary command execution if the input is not strictly controlled. While these behaviors align with the stated purpose of an autonomous research agent, the lack of input sanitization and the use of powerful shell execution functions make it highly susceptible to exploitation.
- External report
- View on VirusTotal