Back to skill
Skillv1.0.0
VirusTotal security
travel-visa · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 26, 2026, 12:31 PM
- Hash
- f0e6a16fcd4338a05f467203744b392de95225584395aaf45dd5dc0516524f38
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: travel-visa Version: 1.0.0 The skill is a travel visa consultant that relies on the `@fly-ai/flyai-cli` to perform searches. While its behavior is aligned with its stated purpose, the instructions in `SKILL.md` and `references/playbooks.md` direct the AI agent to construct shell commands by directly embedding user-provided inputs (such as nationality and destination) into command-line arguments (e.g., `flyai fliggy-fast-search --query "<input>"`). This pattern creates a significant shell injection vulnerability (RCE) if the agent or the execution environment does not properly sanitize these inputs, allowing a user to potentially execute arbitrary commands on the host system.
- External report
- View on VirusTotal