travel-schedule-brainstrom
ReviewAudited by ClawScan on May 10, 2026.
Overview
This travel-planning skill is mostly purpose-aligned, but it should be reviewed because its FlyAI command examples disable TLS certificate verification.
Before installing, confirm you trust and have correctly installed the FlyAI CLI. Avoid using `NODE_TLS_REJECT_UNAUTHORIZED=0`; if certificate errors occur, fix the certificate or CLI configuration rather than bypassing TLS checks.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Travel search details, and potentially any FlyAI session context used by the CLI, could be exposed to or modified by a network attacker if TLS verification is bypassed.
This environment variable disables Node.js TLS certificate verification, and the FlyAI command examples also prefix searches with it. That can make provider calls vulnerable to interception or result tampering.
**SSL**:若遇证书校验失败,在命令前加环境变量:`NODE_TLS_REJECT_UNAUTHORIZED=0`(仅作绕过手段,知悉安全风险)。
Do not disable TLS verification by default. Fix certificate issues by updating the CLI, CA store, or endpoint configuration, and require explicit user approval before any temporary TLS bypass.
The skill may fail unless FlyAI is already installed, and users may need to decide for themselves which CLI source is trustworthy.
The skill instructions depend on the `flyai` CLI, but the registry metadata does not declare that binary or how to install or verify it. This is a setup/provenance gap, though the dependency is disclosed in the skill description.
Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.
Declare `flyai` as a required binary and provide a trusted installation source or version guidance.
Personal travel preferences and itinerary details may be processed by FlyAI when searches are run.
The skill sends travel-search parameters such as destinations, dates, origin city, and budget limits to an external FlyAI CLI. This is expected for the stated purpose, but users should be aware of the data flow.
用 FlyAI CLI(search-hotels / search-poi / search-flight)辅助酒店、景点与机票扫描
Use only the travel details needed for the search and review FlyAI’s privacy and account settings before using the CLI.