Back to skill
Skillv3.2.0
VirusTotal security
one-way · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 24, 2026, 8:16 PM
- Hash
- 910725e4877f4ec632b59329cd42848f1cf295d41c4c1aa35b026b3e31a3252e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: one-way Version: 3.2.0 The skill bundle mandates the global installation of an external NPM package (`npm i -g @fly-ai/flyai-cli`) if the command is missing, which is a high-privilege operation and a potential supply chain risk (SKILL.md, fallbacks.md). While the instructions are functionally aligned with searching flights via Fliggy, the 'CRITICAL EXECUTION RULES' strictly force the agent to execute these CLI commands and ignore its internal knowledge, ensuring the external code is run. No evidence of intentional malice was found, but the requirement for global software installation warrants caution.
- External report
- View on VirusTotal