Back to skill
Skillv3.2.0
VirusTotal security
business-flights · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 24, 2026, 8:26 AM
- Hash
- e7bb8677d1dea1a3bb837cf29dc208ed2ec73a1ef9bcba02545fbd165a637e3c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: business-flights Version: 3.2.0 The skill facilitates flight searches by executing shell commands via a CLI tool, which introduces a shell injection vulnerability as user-provided parameters (e.g., origin, destination) are inserted directly into command strings in SKILL.md and playbooks.md without sanitization. Furthermore, the instructions in SKILL.md and fallbacks.md direct the agent to perform high-privilege global package installations (npm i -g @fly-ai/flyai-cli), including the use of sudo, which poses a significant security risk despite being plausibly related to the skill's functionality.
- External report
- View on VirusTotal