Flight Tracker
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone installing the skill must provide an AviationStack API key; on the free tier, the key is sent over HTTP, which can expose it to network observers.
The script reads a provider API key from the environment and sends it to AviationStack as the access key. This is expected for the flight-tracking purpose, but users should know it is a credential and the endpoint is HTTP.
api_key = os.environ.get('AVIATIONSTACK_API_KEY') ... base_url = "http://api.aviationstack.com/v1/flights" ... 'access_key': api_keyUse a low-privilege/free AviationStack key where possible, avoid reusing sensitive credentials, and prefer a paid HTTPS-enabled plan if credential confidentiality matters.
Installing an unpinned package can pick up whatever current version is available from the package index.
The skill relies on an external Python package installed by the user, but the dependency is not pinned or represented in an install specification. This is common and purpose-aligned, but users should install from a trusted Python environment.
Install dependencies: ```bash pip3 install requests ```
Install `requests` from the official Python package index in a trusted environment, or pin a known-good version if reproducibility is important.