Back to skill
Skillvv3.2.3
VirusTotal security
family-trip · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 9, 2026, 7:26 AM
- Hash
- c430d7a68f8c8199c744117a7206fdfcd4b916dc9c454935244ec0a7bb1e68dd
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: family-trip Version: v3.2.3 The skill acts as a travel planning wrapper for the 'flyai-cli' tool, but it contains high-risk instructions in SKILL.md and README.md that mandate the global installation of an external NPM package (@fly-ai/flyai-cli) and the execution of shell commands. Additionally, references/runbook.md instructs the agent to write execution logs to a hidden local file (.flyai-execution-log.json). While these capabilities are plausibly needed for the stated purpose of providing real-time travel data, the requirement for global installation and shell execution represents a significant attack surface without built-in sanitization.
- External report
- View on VirusTotal