Back to skill
Skillv3.2.1
VirusTotal security
Explore Japan · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 9, 2026, 3:01 AM
- Hash
- 71606a9aa8ee795d6c3b517b75a1db194afa951578c9837ca30c4885a8679f06
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: explore-japan Version: 3.2.1 The skill mandates the global installation of a third-party NPM package (@fly-ai/flyai-cli) and requires the agent to execute shell commands for all queries, explicitly forbidding the use of internal knowledge. It also includes instructions in references/runbook.md to write execution logs to the local filesystem (.flyai-execution-log.json). While these actions are aligned with the stated purpose of providing real-time travel data via the Fliggy (Alibaba) service, the requirement for high-privilege system modifications and mandatory shell execution constitutes a significant security risk.
- External report
- View on VirusTotal