Flight Search

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If a user chooses this install method, they are trusting the current remote GitHub script to run shell commands on their machine.

Why it was flagged

The README offers a remote shell installer fetched from the main branch, which is a common but higher-trust installation pattern because the executed script can change if the branch changes.

Skill content

curl -fsSL https://raw.githubusercontent.com/Olafs-World/flight-search/main/install.sh | bash

Recommendation

Prefer versioned package-manager installation such as uvx/uv, pipx, or pip from a trusted package source, or inspect the install script before running it.

What this means

Running the upgrade option can change the installed version of the tool and its dependencies.

Why it was flagged

The CLI exposes a documented --upgrade option that runs a package-manager command to update the installed tool; the command is controlled by the code, but it still mutates the local environment.

Skill content

if parsed.upgrade:
        return do_upgrade()
...
subprocess.run(cmd, check=True)

Recommendation

Use --upgrade only when you intend to update the package, and review package source/version trust before upgrading.