Back to skill
Skillv3.2.0
VirusTotal security
lunar-new-year-flight · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 24, 2026, 7:46 AM
- Hash
- 5dd4d21ff6ec68c82544c21e4dfb87c99be7d029d64d19135c1ef25aedde21fe
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: lunar-new-year-flight Version: 3.2.0 The skill mandates the automatic global installation of an external npm package (@fly-ai/flyai-cli) via 'npm i -g' if the command is not found, as seen in SKILL.md and references/fallbacks.md. While this behavior is functionally linked to the flight-searching purpose, requiring an AI agent to perform global software installations and execute shell commands poses a significant security risk for supply-chain attacks or unauthorized system modification.
- External report
- View on VirusTotal