Flight Tracker
PassAudited by ClawScan on May 1, 2026.
Overview
The skill does what it says—tracks flights through AviationStack—but users should notice that it requires an API key and uses AviationStack’s HTTP-only free tier.
This skill appears coherent and purpose-aligned. Before installing, be aware that you need an AviationStack API key, the free tier uses HTTP rather than HTTPS, and the setup asks you to install the Python `requests` package yourself.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone installing the skill must provide an AviationStack API key; on the free tier, the key is sent over HTTP, which can expose it to network observers.
The script reads a provider API key from the environment and sends it to AviationStack as the access key. This is expected for the flight-tracking purpose, but users should know it is a credential and the endpoint is HTTP.
api_key = os.environ.get('AVIATIONSTACK_API_KEY') ... base_url = "http://api.aviationstack.com/v1/flights" ... 'access_key': api_keyUse a low-privilege/free AviationStack key where possible, avoid reusing sensitive credentials, and prefer a paid HTTPS-enabled plan if credential confidentiality matters.
Installing an unpinned package can pick up whatever current version is available from the package index.
The skill relies on an external Python package installed by the user, but the dependency is not pinned or represented in an install specification. This is common and purpose-aligned, but users should install from a trusted Python environment.
Install dependencies: ```bash pip3 install requests ```
Install `requests` from the official Python package index in a trusted environment, or pin a known-good version if reproducibility is important.