Back to skill
Skillv1.0.0
VirusTotal security
Cta Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 4:25 AM
- Hash
- 4e43c80011c7b55b3af968bf37008fd7438ae668a9bf1686dd76188f7042d381
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: cta Version: 1.0.0 The OpenClaw CTA skill is benign. It transparently documents its security and privacy practices, which are consistently upheld in the `scripts/cta.mjs` code. User input is properly sanitized using `encodeURIComponent` for API calls, preventing URL injection. The `unzip` command for GTFS data extraction is securely executed via `execFileSync` with an array of arguments, mitigating shell injection risks. All external network calls are directed to official CTA API endpoints over HTTPS, and file system operations are confined to a dedicated local cache directory (`~/.cta/gtfs/`). There is no evidence of data exfiltration, unauthorized access to sensitive files, persistence mechanisms, or malicious prompt injection attempts against the agent.
- External report
- View on VirusTotal