Back to skill
Skillv3.2.0
VirusTotal security
Zoo Aquarium · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 12, 2026, 8:21 AM
- Hash
- 04df73289c06766216be9332c557f80da4076b5875862f2f33dd75651a105dd6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: zoo-aquarium Version: 3.2.0 The skill bundle mandates the global installation and execution of a third-party NPM package (@fly-ai/flyai-cli) as a prerequisite for any functionality, which is a high-risk behavior. The instructions in SKILL.md and references/fallbacks.md use aggressive prompt engineering to force the agent to install this package and forbid the use of internal knowledge, effectively mandating shell execution. While these actions are plausibly related to the stated travel search purpose, the requirement for high-privilege global installation and the strict execution rules represent a significant supply-chain risk.
- External report
- View on VirusTotal