Back to skill
Skillv1.0.0
VirusTotal security
AI机票预订助手 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 26, 2026, 3:51 AM
- Hash
- 1c71be311941609f2a6963f5c78101829542c37e24d53648fdc6f10607f0f9c6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: flightai Version: 1.0.0 The skill is a flight booking assistant that handles sensitive Personal Identifiable Information (PII) including names, phone numbers, and national ID cards. While its behavior aligns with its stated purpose, it contains significant security vulnerabilities: specifically, `scripts/common.py` intentionally disables SSL certificate verification using `ssl._create_unverified_context()`, exposing all transmitted PII and API keys to Man-in-the-Middle (MITM) attacks. Additionally, it stores authentication tokens in a shared temporary directory (`/tmp` or equivalent) without restricted file permissions, which could allow local credential theft. These flaws represent high-risk security practices rather than confirmed intentional malice.
- External report
- View on VirusTotal