Skill v1.0.2
ClawScan security
dream-journey(寻梦之旅) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Apr 6, 2026, 5:32 AM)
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code, instructions, and external-tool requirements are consistent with a travel-oriented 'dream matching' experience; nothing indicates it is trying to do unrelated or covert actions, but you should verify the FlyAI CLI package source and be cautious when running included scripts and opening generated HTML.
- Guidance
- This skill appears coherent for its travel/multimedia purpose, but take these precautions before installing or running it:
  1. Verify the FlyAI CLI package on npm (publisher, repository, popularity) before installing globally.
  2. Inspect the included Node scripts (they're bundled) before running; they operate locally and write files but could be executed with shell access.
  3. Be cautious when providing JSON or image URLs: generated HTML embeds whatever you supply, and opening it will cause your browser to fetch remote resources.
  4. Confirm that any booking flow redirects you to the authentic Fliggy/Alitrip site, and never enter credentials into unknown prompts within the skill.
  5. If you want to reduce risk, run the scripts in a sandbox/container or on a machine dedicated to testing, and avoid granting broad autonomous execution rights to the agent until you trust the package source.
Review Dimensions
- Purpose & Capability
- ok: The skill claims to restore dream imagery, match real destinations via Fly.ai, plan trips, and produce local HTML reports/videos, and it requires the FlyAI CLI for real-time travel data and optionally Node.js for local helper scripts. These requirements match the described functionality (FlyAI CLI for searches/links; Node for local report/script generation).
- Instruction Scope
- note: SKILL.md confines actions to calling flyai search-* commands, running supplied Node.js scripts, reading user-supplied JSON/photos, and writing local HTML/JSON output. That's within scope. Two attention points: (1) the agent is allowed to run shell commands (run_shell_command) to execute Node scripts, which is necessary but grants the ability to run arbitrary commands if misused; (2) generated HTML embeds user-provided image URLs, which will cause the browser to fetch external resources when opened (not the skill itself fetching them), so users should avoid embedding sensitive links or remote URLs they don't trust.
- Install Mechanism
- note: No install spec is embedded in the skill bundle (instruction-only), but SKILL.md recommends installing an npm package (@fly-ai/flyai-cli) globally. Recommending a well-known package registry (npm) is reasonable, but installing a global CLI from an unverified package carries supply-chain risk; verify the package identity/source before installing.
- Credentials
- ok: The skill declares no required environment variables, credentials, or config paths. The described functionality (query-only FlyAI usage, booking via Fliggy links) is consistent with not needing stored secrets in the skill itself. If the FlyAI CLI later requires credentials for booking flows, that would be expected to occur interactively via Fliggy; the skill does not request arbitrary tokens.
- Persistence & Privilege
- ok: Skill flags are default (not always:true). It does not request permanent presence or attempt to modify other skills. It includes helper scripts that write files under the user's control; this is normal for report-generation functionality.
