Back to skill
Skillv3.2.0
VirusTotal security
Cherry Blossom Trip · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 9, 2026, 12:46 PM
- Hash
- ac35ba1aa242faa9e65a34d4fefe5def58a29517aadffd65c28be40919f5cdbc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cherry-blossom-trip Version: 3.2.0 The skill mandates the global installation of an external npm package (@fly-ai/flyai-cli) and forces the agent to execute shell commands for all queries, which are high-risk operations. It also includes instructions to maintain an execution log in a local file (.flyai-execution-log.json) and strictly forbids the agent from using its own training data, ensuring total reliance on the external CLI. While these behaviors are aligned with the stated travel-planning purpose, the automated installation of remote artifacts and broad execution requirements represent a significant security risk.
- External report
- View on VirusTotal