Back to skill
Skillv1.0.1
VirusTotal security
AI机票预订助手 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousMar 26, 2026, 4:06 AM
- Hash
- bee0ae94837c60af1fc74dcc99d1a19f761faf643235e17d1354c2ae3ce43ba2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ai-flight Version: 1.0.1 The flight booking skill bundle contains a significant security vulnerability in `scripts/common.py`, where SSL certificate verification is explicitly disabled using `ssl._create_unverified_context()`. This is particularly concerning because the skill is designed to collect and transmit highly sensitive Personal Identifiable Information (PII), including passenger names, phone numbers, and national ID numbers (as seen in `scripts/create_order.py`), to an external endpoint (app-gate.fenbeitong.com). While the logic appears consistent with its stated purpose of flight management, the intentional bypass of transport layer security for PII makes the bundle high-risk.
- External report
- View on VirusTotal