Back to skill
Skillv3.2.0
VirusTotal security
Mini Trip · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 11, 2026, 9:11 AM
- Hash
- c2cff26232f1d6c35249045fc1f545b7ce505e8daad6735ec5de99036c0a699e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: mini-trip Version: 3.2.0 The skill requires the AI agent to perform a global installation of an external npm package (@fly-ai/flyai-cli) and execute shell commands (flyai) using parameters derived from user input, which introduces risks of shell injection and supply chain attacks. Additionally, it instructs the agent to perform local file writes for logging purposes (.flyai-execution-log.json). While these behaviors are aligned with the stated purpose of a CLI-based trip planner, the automated system modification and shell execution represent a significant attack surface.
- External report
- View on VirusTotal