Back to skill
Skillv1.0.0
VirusTotal security
Moltravel - The Travel Agent for AI Agents · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:55 AM
- Hash
- fa226039fac6de9e7c4da4cc586963578743d6da7f36305448bc321714f7974e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: moltravel Version: 1.0.0 The skill is classified as suspicious due to the broad `allowed-tools: mcp__molttravel__* Read` permission defined in `SKILL.md`. While the explicit instructions in `SKILL.md` are benign and guide the AI agent to use specific travel-related tools, this wildcard permission grants access to *any* 'Read' tool exposed by the external MolTravel MCP server (https://mcp.molttravel.com/mcp). This creates a potential vulnerability where a malicious or compromised MCP server could introduce harmful 'read' tools (e.g., for reading local files or environment variables), which an agent could then be prompted to use, even if unintentionally by the skill's author. This broad permission for an external service, without explicit tool whitelisting, represents a risky capability.
- External report
- View on VirusTotal