Back to skill
Skillv1.5.0
VirusTotal security
Travel Lobster · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 6:01 AM
- Hash
- a456bf646722c7711bf60f71db71ec7d8614aadda20c49581d8b2e889f203c95
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: travel-lobster Version: 1.5.0 The 'travel-lobster' skill implements an autonomous, self-scheduling agent that browses the internet and maintains a persistent 'travel journal.' While the behavior is transparently documented and aligned with its stated purpose, it employs high-risk patterns including reading workspace identity files (IDENTITY.md, USER.md), autonomous web exploration, and a self-perpetuating loop where the agent is instructed to execute shell commands (scripts/travel.sh) via the platform's cron system. These capabilities create a significant attack surface for prompt injection from external web content, as the agent is directed to fetch web data and then perform shell-based scheduling. No evidence of intentional malice was found, but the autonomous shell execution and broad data access qualify it as suspicious.
- External report
- View on VirusTotal