Back to skill
Skillvv3.2.4
VirusTotal security
International Flights · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 9, 2026, 9:01 AM
- Hash
- 1e88c12d38d9d3d604e461f827f5aec76f091fca6624c052eea73126c5b6c82c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: international-flights Version: v3.2.4 The skill requires high-risk operations, including the global installation of an external NPM package (@fly-ai/flyai-cli) and the use of sudo for privilege escalation in fallback scenarios (references/fallbacks.md). The command execution logic in SKILL.md constructs shell commands by interpolating user-provided parameters (e.g., --origin "{o}"), which creates a significant risk of shell injection if the agent does not properly sanitize the input. While these capabilities are plausibly related to the skill's flight-searching purpose, the combination of global software modification and command injection vulnerabilities warrants a suspicious classification.
- External report
- View on VirusTotal