Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
FlyClaw (Flight N-in-1 Search Zero Login)
v0.4.4
Multi-source flight aggregation — tickets, nonstop, round-trip, cabin. Flight tickets / zero login / zero API, zero login, zero account, zero API key. Pure Python, no browser. Ticket prices / ...
⭐ 2 · 667 · 2 current · 2 all-time
by @ai4mse
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
Name/description (flight aggregation from multiple public sources) aligns with included code (multiple source modules, merge/deduplication, airport cache, route cache). Declared requirements (no env vars, no required binaries) are consistent with the code being a pure-Python CLI. Optional integration points (SerpAPI, Skiplagged MCP, fliggy) are present in config as opt-in features, which is reasonable for this type of tool.
Instruction Scope
SKILL.md instructs running the CLI with standard flags and shows an explicit update-airports URL command. The runtime code makes network calls to public APIs (FR24, Airplanes.live/ADSB.lol, Google Flights via the 'flights' library, Skiplagged endpoints, Fliggy) and writes local cache files (cache/airports.json, cache/flight_routes.json). That behavior is expected, but the README/SKILL.md claim that the 'program does not collect, store any user personal information' is a slight mismatch: the tool persists query-derived data (the route cache and other caches) to disk locally. Also, the update-from-URL command accepts arbitrary URLs and, if used, downloads and merges the fetched JSON into the local airports cache.
Install Mechanism
No special install mechanism in the skill bundle (instruction-only for the agent); dependencies are standard Python packages listed in requirements/pyproject. No remote binary downloads, no extract-from-arbitrary-URL install steps in the install spec. The project includes a large airports cache file bundled with the source (written to disk when used), but that is part of bundled assets, not an external install fetch.
Credentials
The skill declares no required environment variables (good), but the config shows optional API keys (google_flights.serpapi_key, fliggy_mcp.api_key/sign_secret) and comments imply a 'built-in default key' may be used if those fields are left empty. This raises two concerns: (1) embedded/default credentials may be used at runtime (not clearly documented in SKILL.md), and (2) if such built-in keys exist, queries could be proxied through third-party service accounts the user does not control. SKILL.md/README promise 'zero API key', but the code supports and mentions API keys and MCP endpoints; the author should clarify this inconsistency.
Persistence & Privilege
Skill does not request platform-wide privileges and is not 'always: true'. However it writes and updates local cache files (cache/airports.json, cache/flight_routes.json) and can atomically replace airport cache via update_from_url. These are expected for a local CLI but mean the skill will persist query results to the user's filesystem by default. If you care about local data persistence or want ephemeral runs, run in an isolated environment or delete cache files after use.
What to consider before installing
What to consider before installing/running this skill:
- Origin and trust: the package metadata lists a GitHub repo but 'Source' and 'Homepage' are unknown in the registry entry. Prefer installing from the upstream GitHub (verify repository and recent commits) or inspect the full source locally before running.
- Network behavior: the tool performs many outbound requests to public flight-data services (FR24, Google Flights via the 'flights' library, Skiplagged, Fliggy, ADSB endpoints). This is expected for a flight-aggregator, but be aware it will contact those external services when invoked.
- Local persistence: the tool saves caches (airports, route cache) to the local cache/ directory and may update those files. If you do not want any local state, run in a disposable/isolated environment (container, VM, temp Python environment) or remove cache files after use.
- API keys / embedded credentials: SKILL.md claims 'zero API key', but config mentions optional API keys and comments about a 'built-in default key'. Ask the author/maintainer to confirm whether any embedded/default credentials are shipped or used at runtime. If embedded third-party keys exist, queries may be routed via accounts you do not control.
- Update-from-URL feature: the CLI can download airport data from an arbitrary URL and atomically replace the airport cache if the downloaded JSON validates. Only use that feature with trusted URLs; an attacker-controlled URL could supply malformed or unexpected data (though validation is present, it still writes merged data locally).
- Optional debug features: the project references optional components (MCP backend, fast-flights, playwright). Avoid enabling or installing optional debug dependencies unless you understand their behavior.
- Safe execution: run the skill in an isolated environment (new virtualenv/conda env or container), inspect source files (especially source modules under sources/) before use, and consider restricting network if you want to limit remote calls. If you need high assurance, request the upstream repository link and verify there are no hidden credentials or remote upload endpoints.
Summary: functionally coherent for flight aggregation, but confirm the 'zero API key' claim and the presence or absence of any built-in credentials, and be mindful of local cache writes and the update-from-URL capability before installing.
Like a lobster shell, security has layers — review code before you run it.
latest: vk973ks97ppsymtzqrmn17skex584ddhp