Back to skill
Skillv3.2.0
VirusTotal security
graduation · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 25, 2026, 10:41 PM
- Hash
- 89e07c51789694174adca230c8960474f5c698beef5763f15874fdd36e1f92fc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: graduation Version: 3.2.0 The skill is classified as suspicious due to potential shell injection vulnerabilities in SKILL.md and references/playbooks.md, where user-provided parameters (e.g., origin, destination) are directly inserted into CLI commands without explicit sanitization. Additionally, the skill mandates the global installation of an external npm package (@fly-ai/flyai-cli) and performs local file system writes for logging purposes (references/runbook.md), which are high-risk operations that could be exploited if the underlying CLI or the agent's execution environment is not properly secured.
- External report
- View on VirusTotal