Fly Flight
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: fly-flight
Version: 1.1.1

The skill bundle contains high-risk implementation patterns that introduce critical security vulnerabilities. Specifically, `scripts/extract_tongcheng_state.js` uses `eval()` to parse data extracted from the external website `ly.com`, which creates a potential Remote Code Execution (RCE) vector if the site content is manipulated. Additionally, `scripts/providers/train_public_service.py` explicitly disables SSL certificate verification (`ssl._create_unverified_context()`), exposing the agent to Man-in-the-Middle (MITM) attacks when communicating with `kyfw.12306.cn`. While these appear to be functional choices for web scraping rather than intentional malware, they represent significant security risks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A compromised or intercepted flight results page could run local code when the skill performs a flight search.
The extractor reads provider HTML and directly evaluates the matched `window.__NUXT__` payload as JavaScript, so manipulated page content could execute under Node.
`const html = fs.readFileSync(0, "utf8"); ... nuxt = eval(match[1]);`
Replace `eval` with a safe data parser, or strictly sandbox the evaluation with no access to Node globals such as `require` or `process` and with a timeout.
Someone able to interfere with the network could spoof or alter train schedules, prices, or station data returned by the skill.
The train provider disables HTTPS certificate validation and uses this context for 12306 network requests, weakening the authenticity of official train data.
`DEFAULT_SSL_CONTEXT = ssl._create_unverified_context()`
Use the default verified SSL context and only allow an explicit, user-controlled insecure mode for troubleshooting if absolutely necessary.
If the local service is left running or bound beyond localhost, other clients could submit transport lookup requests to it.
The optional serve mode starts a long-running HTTP service; it is documented and defaults to 127.0.0.1, but it continues until interrupted.
`server = ThreadingHTTPServer((args.host, args.port), TransportHandler) ... server.serve_forever()`
Run HTTP mode only when needed, keep it bound to localhost unless you understand the exposure, and stop it after use.
