Back to skill
Skillv3.2.0
VirusTotal security
hongkong-macau · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 9, 2026, 7:26 AM
- Hash
- 9a99720992d35279ef0ca84c62ac286058150f6bafb09f75cce7fd39e55c04fc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: hongkong-macau Version: 3.2.0 The skill acts as a travel planner for Hong Kong and Macau by wrapping the '@fly-ai/flyai-cli' tool. It is classified as suspicious because it requires high-risk capabilities to function, including the global installation of an NPM package (npm i -g @fly-ai/flyai-cli), mandatory shell command execution for all user queries, and writing execution logs to the local filesystem (.flyai-execution-log.json). While these behaviors are aligned with the stated purpose of providing real-time travel data from Alibaba's Fliggy service, the requirement for broad shell and file access meets the threshold for a suspicious classification.
- External report
- View on VirusTotal