Back to skill
Skillv1.0.0
VirusTotal security
UK Trains · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 3:05 AM
- Hash
- c089089c8872b87f27e70474f0539127da040253190796f1d2ca4a7ff00c7d71
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: uk-trains Version: 1.0.0 The skill bundle is benign. Both `scripts/trains.sh` and `scripts/trains.py` interact with legitimate National Rail API endpoints (`huxley2.azurewebsites.net` and `lite.realtime.nationalrail.co.uk`) to query train information, as stated in `SKILL.md`. The `NATIONAL_RAIL_TOKEN` is read from the environment and sent to these APIs, which is an expected and documented behavior for the skill's functionality. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, or prompt injection attempts against the agent in `SKILL.md`.
- External report
- View on VirusTotal