Back to skill
Skillv0.1.3
VirusTotal security
Daolv Hotel Booking · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:37 AM
- Hash
- 5d3b8559784abecaec9860cf5b0077e2e272ad501e03e049fce2055f817cfbd4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: daolv-hotel-booking Version: 0.1.3 The skill bundle appears to be for a legitimate hotel booking purpose, with no evidence of malicious intent or prompt injection against the AI agent. However, it contains a hardcoded `Authorization` bearer token (`mcp_171e1ffa7da343faa4ec43460c52b13f`) in `references/mcp-client-config.json`. This practice is a security vulnerability, as it exposes a secret directly within the skill bundle, making it susceptible to compromise if the bundle is publicly distributed.
- External report
- View on VirusTotal