Back to skill
Skillv3.2.0
VirusTotal security
babymoon · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 24, 2026, 6:26 AM
- Hash
- e86f06ea3515cacded6eb03f8dab25dbf921748c091bf8a369ffb68b34ec28a4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: babymoon Version: 3.2.0 The skill bundle requires the AI agent to perform global software installation (`npm i -g @fly-ai/flyai-cli`) and execute shell commands to function, as documented in SKILL.md and references/fallbacks.md. While these actions are consistent with the stated purpose of providing flight data, the requirement for global installation and arbitrary CLI execution poses a significant security risk and potential for supply chain attacks. No clear evidence of intentional malice, such as data exfiltration or backdoors, was identified.
- External report
- View on VirusTotal