Back to skill
Skillv1.0.3
VirusTotal security
Airplane AI / 断网 AI 助手 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 10:15 AM
- Hash
- 117a35f6b69752e15e762b28cf3828644dea8c7248b3f4992fdd1227b7823e0a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: airplane-ai Version: 1.0.3 The skill bundle contains a high-risk arbitrary file read vulnerability in 'scripts/offline_chat.py' via a documented '<<READ:path>>' feature. This feature allows the AI agent to access any file on the host system (e.g., ~/.ssh/id_rsa) without path sanitization or sandboxing, which can be exploited via prompt injection to exfiltrate sensitive data. While the script is intended for local use, it includes an outbound network ping to 'clawhub.ai' in its health check function and lacks any security boundaries for its file-access capabilities.
- External report
- View on VirusTotal