autoresearch: global threshold search #23
Deploying website with
| Latest commit: | 946caf4 |
| Status: | ✅ Deploy successful! |
| Preview URL: | https://d2f15826.website-bks.pages.dev |
| Branch Preview URL: | https://autoresearch-global-20260406.website-bks.pages.dev |
Deploying secopsai with
| Latest commit: | 946caf4 |
| Status: | ✅ Deploy successful! |
| Preview URL: | https://a5c6fd55.secopsai.pages.dev |
| Branch Preview URL: | https://autoresearch-global-20260406.secopsai.pages.dev |
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 946caf4866
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| r"(?i)(nohup\s+.+\s+&\b|/bin/\w+\s+-c\s+.*\s+&\b|start\s+/min\s+powershell|powershell.*-enc\b|" | ||
| r"cscript(?:\.exe)?\s+.*\.vbs\b|osascript\s+.*\.scpt\b|chmod\s+\d+\s+.+&&.+https?://|" |
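Review bot: in the `powershell.*-enc\b` alternative on the first line, the trailing `\b` restricts the match to the literal `-enc` spelling, so a command line that uses the full `-EncodedCommand` parameter name does not match this branch. If only the visible alternatives cover encoded PowerShell, consider `-enc\w*` in place of `-enc\b` and add a test case for each spelling the rule is meant to catch.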
Remove impossible word boundary after '&' in detached regex
The detached-shell alternatives in detect_detached_payload_execution use &\b, but \b after & will not match normal shell backgrounding syntax, so patterns like nohup ... & and /bin/sh -c ... & are effectively never detected through these branches. This causes RULE-112 to miss common detached payload-launch commands unless another fallback regex happens to match.
Useful? React with 👍 / 👎.
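The `&\b` behaviour described in the review comment above, as an added example that is not part of the pull request or the review. `AS_WRITTEN` copies the two detached-shell alternatives from the hunk; the `CORRECTED` pattern, the helper names and the sample command lines are assumptions constructed for illustration.

```python
import re

# The two detached-shell alternatives exactly as they appear in the reviewed hunk.
AS_WRITTEN = re.compile(r"(?i)(nohup\s+.+\s+&\b|/bin/\w+\s+-c\s+.*\s+&\b)")

# Assumed correction (not the project's fix): accept a lone '&' control
# operator, rejecting '&&' (AND list) and '&>' (redirection).
CORRECTED = re.compile(r"(?i)(nohup\s+.+\s+&(?![&>])|/bin/\w+\s+-c\s+.*\s+&(?![&>]))")

# Constructed command lines paired with whether they background a process.
SAMPLES = [
    ("nohup ./updater.sh &", True),
    ("/bin/sh -c 'sleep 600' &", True),
    ("nohup ./updater.sh & echo started", True),
    ("nohup ./updater.sh &wait", True),  # word character right after '&'
    ("nohup make test && echo ok", False),
    ("nohup ./updater.sh &> /dev/null", False),
]


def matches(pattern, command):
    """Return True when the pattern fires anywhere in the command line."""
    return pattern.search(command) is not None


def compare(samples=SAMPLES):
    """Return (command, expected, as_written, corrected) for each sample."""
    return [
        (cmd, expected, matches(AS_WRITTEN, cmd), matches(CORRECTED, cmd))
        for cmd, expected in samples
    ]


def missed(results, column):
    """Detached commands that were not flagged (column 2 = as written, 3 = corrected)."""
    return [r[0] for r in results if r[1] and not r[column]]


if __name__ == "__main__":
    results = compare()
    for cmd, expected, old, new in results:
        print(f"{cmd!r:40} detached={expected!s:5} as_written={old!s:5} corrected={new}")
    print("missed as written:", missed(results, 2))
    print("missed corrected: ", missed(results, 3))
```

`\b` only matches between a word character and a non-word character, so after `&` it requires a letter, digit or underscore to follow immediately; that is why the as-written pattern fires on `&wait` but not on a trailing `&`.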
| if not risk_tags: | ||
| risk_tags = list(metadata.keys()) if metadata else [] |
Preserve empty risk tags instead of metadata key names
When risk_tags is absent, normalize_row now fills it with metadata field names (for example source_name, detector, fingerprint) rather than risk labels, which silently corrupts tag semantics for downstream filtering and analytics. Any finding without explicit risk_tags will be mislabeled with these synthetic values instead of staying empty.
Useful? React with 👍 / 👎.
Automated local autoresearch run.
Baseline F1: 0.864995 (FP=447, FPR=0.3921)
Best score: 0.874385 | F1: 0.875039 (FP=373, FPR=0.3272)
Report: /Users/chrixchange/.openclaw/workspace/secopsai/results/autoresearch-20260406-220009.json
Reproduce: