Fly Flight
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill matches its travel-search purpose, but it unsafely evaluates public web page content as code and disables HTTPS certificate checks for train queries.
Use caution before installing. The skill appears intended for public flight and train searches, but it should be fixed to avoid eval on public web content and to restore HTTPS certificate verification. If you run the optional HTTP mode, keep it on localhost and stop it when finished.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A compromised or intercepted flight results page could run local code when the skill performs a flight search.
The extractor reads provider HTML and directly evaluates the matched window.__NUXT__ payload as JavaScript, so manipulated page content could execute under Node.
const html = fs.readFileSync(0, "utf8"); ... nuxt = eval(match[1]);
Replace eval with a safe data parser, or strictly sandbox the evaluation with no access to Node globals such as require or process and with a timeout.
Someone able to interfere with the network could spoof or alter train schedules, prices, or station data returned by the skill.
The train provider disables HTTPS certificate validation and uses this context for 12306 network requests, weakening the authenticity of official train data.
DEFAULT_SSL_CONTEXT = ssl._create_unverified_context()
Use the default verified SSL context and only allow an explicit, user-controlled insecure mode for troubleshooting if absolutely necessary.
If the local service is left running or bound beyond localhost, other clients could submit transport lookup requests to it.
The optional serve mode starts a long-running HTTP service; it is documented and defaults to 127.0.0.1, but it continues until interrupted.
server = ThreadingHTTPServer((args.host, args.port), TransportHandler) ... server.serve_forever()
Run HTTP mode only when needed, keep it bound to localhost unless you understand the exposure, and stop it after use.
