Back to skill
Skillv1.0.0
VirusTotal security
NYC MTA Transit · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:20 AM
- Hash
- 5585e59cbe7979674ca347002ae001ed56c2fd33b822d8a6f8ea0b961ca161e5
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: mta Version: 1.0.0 The OpenClaw MTA skill is classified as benign. The code (`scripts/mta.mjs`) correctly sanitizes all user inputs using `encodeURIComponent()` before incorporating them into API calls, preventing URL injection. File operations are confined to `~/.mta/gtfs/` for caching public GTFS data, and the `execFileSync` command for `unzip` uses a safe array-based argument list with controlled paths, mitigating shell injection risks. All network requests are directed to official MTA API endpoints (`api-endpoint.mta.info`, `bustime.mta.info`, `web.mta.info`). The `SKILL.md` and other documentation files contain no prompt injection attempts or instructions for the AI agent to perform unauthorized actions. The skill's stated purpose, security claims, and code implementation are consistent and demonstrate no malicious intent or significant vulnerabilities.
- External report
- View on VirusTotal