Skill v1.0.0

VirusTotal security

TfL London Transit · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Benign · Apr 30, 2026, 4:20 AM
Hash
4df776ca100124da6d88657cb3ddcc7a6c1ba46877e941179a261f9610ce2418
Source
palm
Verdict
benign
Code Insight
Type: OpenClaw Skill
Name: tfl
Version: 1.0.0

The OpenClaw skill is designed to provide real-time London TfL transit data. The `scripts/tfl.mjs` file, which contains all the logic, uses native Node.js modules and `fetch` without any external dependencies, minimizing supply chain risks. User inputs are consistently sanitized using `encodeURIComponent()` before being included in API URLs, preventing injection vulnerabilities. The skill only communicates with the official `api.tfl.gov.uk` endpoint, and the optional `TFL_API_KEY` is handled securely as a query parameter. There is no evidence of data exfiltration, malicious execution (e.g., `eval`, `child_process`), persistence mechanisms, or obfuscation. The `SKILL.md` and `README.md` files contain clear, benign instructions for the AI agent, focusing solely on the skill's intended purpose without any prompt injection attempts to subvert the agent's behavior.