Back to skill
Skillv3.2.0
VirusTotal security
travel-wallet · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 24, 2026, 8:01 AM
- Hash
- 1709fec4d095ecf5c34cead43c963c63df3f97552fbd05e8677968545fef7b95
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: travel-wallet Version: 3.2.0 The skill bundle instructs the AI agent to perform a global system modification by installing an external NPM package (`npm i -g @fly-ai/flyai-cli`) if the command is missing (found in `SKILL.md` and `references/fallbacks.md`). While this is presented as a prerequisite for the flight search functionality, executing global installations is a high-risk behavior that could facilitate supply chain attacks. No explicit evidence of data exfiltration or malicious intent was found, but the automated installation of unverified third-party software warrants a suspicious classification.
- External report
- View on VirusTotal