autoresearch

Fail

Audited by Gen Agent Trust Hub on Jun 29, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONREMOTE_CODE_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill mandates the autonomous setup of persistence mechanisms. It requires the agent to configure a 10-minute cron job or use the /loop command immediately upon initialization to ensure continuous execution without further user intervention.
  • [PROMPT_INJECTION]: Contains explicit instructions to override standard human-in-the-loop safety protocols. The instructions state, "Do not ask the user for permission or confirmation — use your best judgment and keep moving," and emphasize that the human is "asleep or busy," encouraging high-autonomy operations that bypass oversight.
  • [REMOTE_CODE_EXECUTION]: The skill directs the agent to install and execute third-party Python packages (e.g., semanticscholar, arxiv, weasyprint, playwright) and dynamically routes tasks to a large library of other scripts and skills across the filesystem without a defined verification process for those external components.
  • [DATA_EXFILTRATION]: In certain execution environments (OpenClaw), the agent is instructed to send research reports and data directly to the user via external messaging services such as Telegram or WhatsApp, which involves transmitting local project data to remote third-party servers.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 29, 2026, 12:54 AM
Security Audit — agent-trust-hub — autoresearch