Back to skill
Skillv1.0.2
VirusTotal security
TravelSmart · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 8, 2026, 3:26 AM
- Hash
- 7f141c9cc5d4a25fb50b74f4bc78cd11caeb8ae53768a05b1bdc53bb059c191c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: pete2048-travel-smart Version: 1.0.2 The skill bundle contains a hardcoded Feishu (Lark) Chat ID (oc_b596d3738065b40181b73144a8943999) and a '/notify' endpoint in 'server.py' that is unrelated to the travel assistant's core functionality. This endpoint is described as a callback for a 'quantitative system' and allows external entities to send messages to the hardcoded chat using the user's FEISHU_APP_ID and FEISHU_APP_SECRET. While the primary travel logic appears benign, the presence of an undocumented notification bridge to a specific external chat ID is a significant privacy risk and potential data exfiltration vector.
- External report
- View on VirusTotal