Back to skill
Skillv1.0.0
VirusTotal security
Duffel Flights · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:23 AM
- Hash
- d9a7cda28e854797d8319fa9b8d6b4015659cd8be4ed5d438a8e796153ec6391
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: duffel Version: 1.0.0 The skill bundle is benign. It provides a CLI interface to the Duffel Flights API, using standard Python libraries (`requests`, `argparse`) for its functionality. It reads the `DUFFEL_TOKEN` from environment variables for authentication and makes network requests exclusively to `https://api.duffel.com`. Temporary files for caching search results and cancellation quotes are written to `/tmp`, which is a common practice for transient data and does not contain sensitive information like credentials. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts against the OpenClaw agent in `SKILL.md`.
- External report
- View on VirusTotal