Back to skill
Skillv1.0.0
VirusTotal security
BusLah - Singapore Bus Arrivals · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 27, 2026, 4:33 AM
- Hash
- ed6000e0c945f4e12b9346dc542206bfcede873e3145061a1196ab5589186ec8
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: buslah Version: 1.0.0 The skill bundle is benign. It provides Singapore bus arrival information using public APIs. The `SKILL.md` provides clear, non-malicious instructions for the AI agent, outlining steps to geocode locations and fetch bus data. The `bus-arrival.sh` script uses `curl` to query a legitimate bus data API (`https://arrivelah2.busrouter.sg`), but all parameters for the `curl` command are derived from the `config.json` file, not from user input, thus preventing direct shell injection. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection designed to harm the agent or system.
- External report
- View on VirusTotal