Back to skill
Skillv3.2.1
VirusTotal security
Pet Hotel · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 11, 2026, 1:41 AM
- Hash
- b1ebb52508f310dfa845cb7f037ef4471e17d2482eef914baf455d239e2d1876
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: pet-hotel Version: 3.2.1 The skill requires the global installation of an external NPM package (@fly-ai/flyai-cli) and constructs shell commands using unsanitized user-provided parameters (e.g., the {city} variable in SKILL.md), which presents a significant shell injection vulnerability. While these actions are aligned with the stated purpose of providing real-time travel data, the requirement for high-privilege installation and the lack of input validation are high-risk behaviors.
- External report
- View on VirusTotal