anniversary
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill is a coherent flight-search helper, but it asks agents to install outside software and save raw travel requests locally without clear user control.
Before installing, verify the flyai CLI package yourself, approve or perform installation manually, and disable or tightly control the execution log so raw travel details are not saved unexpectedly.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the package can execute external package code and modify the user's environment before any travel search occurs.
The skill directs the agent to install an unpinned third-party npm package globally at runtime, rather than using a reviewed/pinned install specification or requiring explicit approval.
If flyai-cli is not installed, install it first. ... npm i -g @fly-ai/flyai-cli
Require explicit user approval before installation, pin and verify the package version, and declare the dependency in install metadata.
A crafted query could potentially cause unintended local shell execution if the agent writes the log using this command pattern.
The log includes raw user input and the persistence example writes it through a shell echo command. If followed literally without proper escaping, quotes or shell metacharacters in the user query could alter the command.
"user_query": "{raw input}" ... echo '{generation_log_json}' >> .flyai-execution-log.json
Do not write raw user input through shell commands. Use a safe file-writing API, escape data correctly, or remove shell-based log persistence.
Private trip details could remain in the working directory and later be read, reused, or accidentally committed/shared.
The skill instructs the agent to keep an internal log containing raw user travel requests and optionally persist it to a local file, without user-facing notice, retention limits, or redaction.
Agent maintains this log internally. Not shown to users. ... "user_query": "{raw input}" ... .flyai-execution-log.json
Ask before logging, redact sensitive fields, store logs only in a clearly scoped private location, and define retention or disable persistence by default.
