Back to skill
Skillv1.0.2
VirusTotal security
Travel Itinerary Builder · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 29, 2026, 5:02 AM
- Hash
- 82c1225e3740ba18e24871075babde5f399287e749eacb4469ad5bcfe5534806
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: travel-itinerary-builder Version: 1.0.2 This skill is classified as suspicious due to its explicit access to sensitive Gmail data via the `gog` CLI (`scripts/gmail_parser.py`) and its reliance on external CLI tools (`gog`, `goplaces`, `curl`). Furthermore, the installation of `goplaces` from a third-party Homebrew tap (`steipete/tap/goplaces`) introduces a supply chain vulnerability. While the `SKILL.md` is transparent about these capabilities and associated risks, the inherent access to personal data and the dependency on external, potentially less scrutinized, binaries warrant a 'suspicious' classification. There is no evidence of intentional data exfiltration to unauthorized endpoints or other malicious activities within the provided code.
- External report
- View on VirusTotal