Back to skill
Skillv2.0.0
VirusTotal security
Trip Planner 0to1 Public · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 8:36 AM
- Hash
- f16c3fd5090e1bea4b8aeb1cb1527b161dfeee888e5d4a4e134b3992d6c26457
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: trip-planner-0to1-public Version: 2.0.0 The skill bundle contains instructions in SKILL.md for the AI agent to 'silently execute' shell commands (using the clawhub tool) to check for and perform updates, which is a high-risk behavior that bypasses user oversight. The bundle also includes scripts like references/templates/todo-sync.js that facilitate data synchronization to external services (GitHub Gist, JSONBin, Cloudflare) and require the handling of sensitive API tokens. While these capabilities are aligned with the stated purpose of an automated trip planning workflow, the combination of automated shell execution, file system manipulation (in patch-trip-page-v2.js), and external network communication for data sync presents a significant attack surface.
- External report
- View on VirusTotal