Back to skill
Skillv3.2.0
VirusTotal security
last-seat-flight · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 24, 2026, 9:26 AM
- Hash
- a2c4657f353378f910a8eafe8ca1e3ad99f7ccd759ba7102b98f424203ab67b4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: last-seat-flight Version: 3.2.0 This skill bundle is classified as suspicious because it instructs the AI agent to perform a global installation of an external NPM package (@fly-ai/flyai-cli) and executes shell commands using unsanitized user input. The primary risks are shell injection vulnerabilities in SKILL.md and references/playbooks.md, where parameters like origin and destination are passed directly to the CLI. While these actions support the stated flight-booking purpose, the combination of high-privilege installation and lack of input validation creates a significant attack surface for remote code execution.
- External report
- View on VirusTotal