Back to skill
Skillv1.0.0
VirusTotal security
ClawFlight · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:47 AM
- Hash
- 5e43afcdc35de9c098c55deb76ae5bcefb3b0e00dc10080e617277394b0c5c38
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawflight Version: 1.0.0 The `clawflight.js` code itself appears benign, performing its stated functions using standard libraries and accessing API keys securely from environment variables. However, the `SKILL.md` documentation contains an ambiguous instruction regarding a 'cron job' for post-flight nudges. While the code only records data for this feature, the instruction 'A cron job will nudge you...' in `SKILL.md` could be interpreted by an AI agent as a directive to create a system-level cron job. This represents a potential prompt injection vulnerability, as the agent might attempt to synthesize and execute a command for this purpose without explicit, safe instructions from the skill, even if the skill's intent is not malicious. Additionally, `SKILL.md` instructs the user to set a `KIWI_API_KEY` which is not used by the provided `clawflight.js` code, indicating a documentation flaw.
- External report
- View on VirusTotal