Skill v3.2.0
VirusTotal security
medical-tourism · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 24, 2026, 7:56 AM
- Hash: 64ee076d3b0959652fafecafbc09c26ac52b87d199e3f9272ac6524a83d4d1d3
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: medical-tourism. Version: 3.2.0. The skill mandates the global installation of an external NPM package (`npm i -g @fly-ai/flyai-cli`) within `SKILL.md` and `references/fallbacks.md` if the tool is not found. While this appears functional for flight searching, requiring an AI agent to install and execute arbitrary third-party binaries is a high-risk behavior that facilitates potential supply chain attacks and host environment modification. Additionally, the instructions use aggressive prompt-injection techniques to force the agent to bypass its internal knowledge and strictly follow CLI-driven execution paths.
