Back to skill
Skillv3.2.0
VirusTotal security
group-flights · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 25, 2026, 11:06 PM
- Hash
- 4fdbae230a3a6c34f55a6c0506cb0c9c457bc65baf51cd9a0b8414ffc1ab6678
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: group-flights Version: 3.2.0 The skill bundle mandates the global installation of an external NPM package (@fly-ai/flyai-cli) and explicitly instructs the agent to use 'sudo' if the installation fails (SKILL.md, references/fallbacks.md). It also requires the agent to persist execution logs to a local hidden file (references/runbook.md). While these capabilities are plausibly related to the skill's function as a CLI wrapper, the promotion of high-privilege system modifications and unauthorized file writes constitutes a significant security risk without clear evidence of malicious intent.
- External report
- View on VirusTotal