Back to skill
Skillv2.0.4
VirusTotal security
旅游意外险 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 23, 2026, 9:26 AM
- Hash
- 54a5726670c101cc089f4dcbaf6102e814542d53ad99dbd54fa73248de302615
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: buy-travel-accident-china Version: 2.0.4 The skill facilitates travel insurance transactions via the 'uzyun.cn' API but requires the AI agent to perform high-risk actions, including executing shell commands (date, curl) and storing sensitive PII (Chinese ID numbers, mobile numbers, and auth tokens) in a local plaintext file ('.agent-state.json'). While these capabilities are plausibly needed for the stated purpose, the instructions to manage unencrypted sensitive data and execute system commands represent a significant security risk and potential for exploitation, fitting the criteria for suspicious behavior rather than clear malice.
- External report
- View on VirusTotal