Back to skill
Skillv1.0.0
VirusTotal security
Track Flight · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:11 AM
- Hash
- f141601874eca0b8da0c8da719754cccdc4bac55c72e099d24ecf0777b51edb0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: track-flight Version: 1.0.0 The skill's primary function is benign, but it uses HTTP for API communication with `http://api.aviationstack.com` as explicitly noted in `SKILL.md` and `references/api-setup.md`. The `scripts/track_flight.py` script transmits the `AVIATIONSTACK_API_KEY` in plaintext over HTTP, which is a significant vulnerability (Man-in-the-Middle risk) that could lead to API key compromise. While this is a limitation of the external API's free tier and is openly declared, it constitutes insecure data transmission, classifying the skill as suspicious.
- External report
- View on VirusTotal