Skill v1.0.5
VirusTotal security
Google Flights Realtime API · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 5:44 AM
- Hash: aef14739ed68b2ba8b64bb1840fa40d936ec918dd02d6d86a766b0a1bb26acf1
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: google-flights-realtime-api; Version: 1.0.5. The skill is classified as suspicious because SKILL.md instructs the AI agent to generate and execute complex bash scripts to handle parallel API requests for date-range searches. This script template incorporates user-provided data (destinations, dates) into shell commands and uses 'python3 -c' for inline execution, which presents a high risk of shell injection if the agent fails to sanitize inputs. While the functionality is aligned with the stated purpose of searching the Google Flights Live API (google-flights-live-api.p.rapidapi.com), the architectural choice to use dynamic script generation for concurrency is a significant security risk.
