Back to skill
Skillv3.2.0
VirusTotal security
airport-hotel · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 24, 2026, 6:31 AM
- Hash
- 3fcb115c7ed6a042a9c1bfa462d86851c1c77bef8a7c059f1205ae85b9bceca7
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: airport-hotel Version: 3.2.0 The skill bundle is classified as suspicious because it explicitly instructs the AI agent to perform a global installation of an external NPM package (`npm i -g @fly-ai/flyai-cli`) if the command is not found (seen in `SKILL.md` and `references/fallbacks.md`). This is a high-risk supply-chain behavior that allows for the execution of remote artifacts on the host system. While the instructions are aligned with the stated travel-booking purpose and lack clear evidence of intentional harmful behavior like data exfiltration, the automated installation of third-party software is a significant security risk.
- External report
- View on VirusTotal