Skill v3.2.0

VirusTotal security

Explore Tibet · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 9, 2026, 12:26 PM
Hash: 53151f2bc153c3d262aedbf9e3e2150a6e5b103d44ece5469c156bc675ef5091
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: explore-tibet
Version: 3.2.0

The skill mandates the global installation of a third-party NPM package (@fly-ai/flyai-cli) and forces the agent to execute CLI commands for all travel queries, which introduces potential supply chain and command execution risks. Additionally, SKILL.md and references/runbook.md instruct the agent to log user queries and execution metadata to a local hidden file (.flyai-execution-log.json). While these behaviors are aligned with the stated purpose of providing real-time travel data, the requirement for high-privilege installation and local data logging constitutes a high-risk pattern.