Back to skill
Skillv3.2.0
VirusTotal security
festival-flight · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 24, 2026, 7:51 AM
- Hash
- 4db6e732d376262d6ffcda9ff31840ac6bd9e6ef024184b2799232041321f3df
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: festival-flight Version: 3.2.0 The skill requires the agent to install and execute a global NPM package (`@fly-ai/flyai-cli`) to perform flight searches, as specified in SKILL.md and references/fallbacks.md. While these actions are aligned with the stated purpose of the travel tool, the automated global installation of external software and the execution of CLI commands represent a significant supply chain risk and a broad permission set. No evidence of intentional malice or data exfiltration was found.
- External report
- View on VirusTotal