Back to skill
Skillv3.2.0
VirusTotal security
remote-work-travel · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 27, 2026, 2:46 AM
- Hash
- 7d1556b3c2216b5a2dd7eb0be613a1032bcd2154015284693f0bc3ebb584976a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: remote-work-travel Version: 3.2.0 The skill mandates the global installation of an external npm package (@fly-ai/flyai-cli) and executes shell commands using user-provided input for flight searches in SKILL.md and references/playbooks.md. While these capabilities are aligned with the stated travel booking purpose, the requirement for global software installation and the potential for shell injection via unsanitized parameters (e.g., --origin, --destination) represent significant security risks without evidence of malicious intent.
- External report
- View on VirusTotal