Fly Flight

Advisory: audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dynamic_code_execution, suspicious.insecure_tls_verification

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (High Confidence)
ASI05: Unexpected Code Execution
What this means

A compromised or intercepted flight results page could run local code when the skill performs a flight search.

Why it was flagged

The extractor reads provider HTML and directly evaluates the matched window.__NUXT__ payload as JavaScript, so manipulated page content could execute under Node.

Skill content
const html = fs.readFileSync(0, "utf8"); ... nuxt = eval(match[1]);
Recommendation

Replace eval with a safe data parser, or strictly sandbox the evaluation with no access to Node globals such as require or process and with a timeout.

What this means

Someone able to interfere with the network could spoof or alter train schedules, prices, or station data returned by the skill.

Why it was flagged

The train provider disables HTTPS certificate validation and uses this context for 12306 network requests, weakening the authenticity of official train data.

Skill content
DEFAULT_SSL_CONTEXT = ssl._create_unverified_context()
Recommendation

Use the default verified SSL context and only allow an explicit, user-controlled insecure mode for troubleshooting if absolutely necessary.

Note (High Confidence)
ASI10: Rogue Agents
What this means

If the local service is left running or bound beyond localhost, other clients could submit transport lookup requests to it.

Why it was flagged

The optional serve mode starts a long-running HTTP service; it is documented and defaults to 127.0.0.1, but it continues until interrupted.

Skill content
server = ThreadingHTTPServer((args.host, args.port), TransportHandler) ... server.serve_forever()
Recommendation

Run HTTP mode only when needed, keep it bound to localhost unless you understand the exposure, and stop it after use.

Findings (2)

critical: suspicious.dynamic_code_execution

Location
scripts/extract_tongcheng_state.js:17
Finding
Dynamic code execution detected.

warn: suspicious.insecure_tls_verification

Location
scripts/providers/train_public_service.py:25
Finding
HTTPS certificate verification is disabled.