Back to skill
Skillv3.2.0
VirusTotal security
summer-vacation-flight · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 24, 2026, 7:51 AM
- Hash
- d1295ce016ecc5053b755dffa4b6f3cbf9ad4f6cd2069503eadca35e0fd8c44d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: summer-vacation-flight Version: 3.2.0 The skill bundle requires the AI agent to globally install an external NPM package (@fly-ai/flyai-cli) via 'npm i -g' if it is missing, which constitutes a high-risk supply chain and remote code execution (RCE) risk. While these instructions in SKILL.md and references/fallbacks.md are aligned with the stated purpose of flight searching, the requirement for global installation and the strict directives to bypass internal knowledge in favor of external CLI execution are characteristic of potentially risky agent-based workflows.
- External report
- View on VirusTotal