Flight Search

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill’s code and documentation consistently implement a Google Flights search CLI, with only standard package-install and self-update risks to notice.

This appears safe for its stated purpose. Before installing, decide whether you trust the PyPI/GitHub package source; avoid curl-to-bash unless you inspect the script, and run the --upgrade command only intentionally. Flight searches are performed through the fast-flights Google Flights scraper, so search details such as route, dates, passenger counts, and class are expected to be sent to that service path.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user chooses this install method, they are trusting the current remote GitHub script to run shell commands on their machine.

Why it was flagged

The README offers a remote shell installer fetched from the main branch, which is a common but higher-trust installation pattern because the executed script can change if the branch changes.

Skill content

curl -fsSL https://raw.githubusercontent.com/Olafs-World/flight-search/main/install.sh | bash

Recommendation

Prefer versioned package-manager installation such as uvx/uv, pipx, or pip from a trusted package source, or inspect the install script before running it.

What this means

Running the upgrade option can change the installed version of the tool and its dependencies.

Why it was flagged

The CLI exposes a documented --upgrade option that runs a package-manager command to update the installed tool; the command is controlled by the code, but it still mutates the local environment.

Skill content

if parsed.upgrade:
    return do_upgrade()
...
subprocess.run(cmd, check=True)

Recommendation

Use --upgrade only when you intend to update the package, and review package source/version trust before upgrading.