Back to skill
Skillv3.2.0
VirusTotal security
anniversary · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 24, 2026, 6:21 AM
- Hash
- a211458c75f9c277ce1276481f966467ecc49e3967e23da974850432fe49b39f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: anniversary Version: 3.2.0 The skill requires the global installation of an external NPM package (@fly-ai/flyai-cli) and executes CLI commands with parameters derived from user input. While these capabilities are plausibly necessary for the flight-booking functionality described, the requirement for high-privilege system modifications (npm i -g) and the potential for supply chain risks or command injection via the CLI interface warrant a suspicious classification. No explicit evidence of malicious intent or data exfiltration was found in the provided files (SKILL.md, references/playbooks.md).
- External report
- View on VirusTotal