Back to skill
Skillv1.0.0
VirusTotal security
Check and book Tennis and Pickleball Courts at Bay Club Gateway · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 29, 2026, 4:14 AM
- Hash
- 5fa4ca0437fc47c9e9c6c2adf22f69d1883bec2ca24eaf68ddc61c2e4e054516
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: bayclub-gateway-booking Version: 1.0.0 The skill automates Bay Club court bookings and integrates with Google Calendar. It requires `BAYCLUB_USERNAME`, `BAYCLUB_PASSWORD`, and optionally Google Calendar service account credentials. While the `SKILL.md` instructions for the AI agent are slightly ambiguous regarding the entry point (`bayclub_skills.ts` vs. `cli.ts`), the underlying TypeScript code (`bayclub_skills.ts`, `BayClubBot.ts`, `GoogleCalendarService.js`) handles user inputs (`sport`, `day`, `time`) with sufficient sanitization (type checking, mapping, string comparisons, date parsing) to prevent shell or XPath injection. The use of `--no-sandbox` for browser automation is a general security vulnerability in the execution environment but is common for such tasks and does not indicate malicious intent by the skill developer. No evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection against the agent was found. The requested Google Calendar scope is appropriate for the stated functionality.
- External report
- View on VirusTotal