Back to skill
Skillv1.0.1
VirusTotal security
Google Hotels · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:04 AM
- Hash
- e3d64b29dcd8e5c343b94b56e214eaa9bc533496e9be8802aaa746363ac88e68
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: hotel-search Version: 1.0.1 The skill is classified as suspicious due to the use of the `agent-browser eval` command, which allows arbitrary JavaScript execution within the browser context. While the current instructions use `eval` for legitimate page inspection (e.g., `document.querySelector(...).value`), this is a high-risk primitive that could be exploited for client-side arbitrary code execution if the agent's input sanitization or prompt handling is flawed. Additionally, the skill instructs the agent to navigate to arbitrary external hotel websites (after initial search) to check for direct deals, exposing the agent to untrusted content, even if done in an isolated session. There is no clear evidence of intentional malicious behavior like data exfiltration to unauthorized endpoints or persistence mechanisms.
- External report
- View on VirusTotal