Back to skill
Skillv3.2.0
VirusTotal security
Concert Event Tickets · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 9, 2026, 3:16 PM
- Hash
- 2535113c8a95d79dcb1c0995371c678bbab50ffe0e43e5b24dfa95a211dbaaa7
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: concert-event-tickets Version: 3.2.0 The skill requires the automated installation and execution of a global npm package (@fly-ai/flyai-cli) and performs local file writes for logging (.flyai-execution-log.json). While these behaviors are aligned with the stated purpose of fetching real-time event data, the use of 'npm i -g' and the execution of external binaries represent high-risk capabilities that could be leveraged for remote code execution if the dependency is compromised. The instructions also use strong prompt-steering to ensure the agent relies solely on this CLI tool, bypassing its internal knowledge base.
- External report
- View on VirusTotal