cargo-flight
AdvisoryAudited by VirusTotal on Apr 24, 2026.
Overview
Type: OpenClaw Skill Name: cargo-flight Version: 3.2.0 The skill requires the agent to perform global software installation (`npm i -g @fly-ai/flyai-cli`) and execute shell commands, which are high-risk operations that could lead to Remote Code Execution (RCE) or supply chain attacks. While these actions are functionally aligned with the stated purpose of searching cargo flights, the automated installation of third-party packages and local file logging (`.flyai-execution-log.json`) in `SKILL.md` and `references/runbook.md` represent significant security risks without explicit evidence of malicious intent.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may unknowingly let the agent install and run third-party code that was not part of the reviewed skill package.
The skill requires installing an unpinned external npm CLI at runtime, while the supplied artifacts include no reviewed code or install spec for that dependency.
If flyai-cli is not installed, install it first... npm i -g @fly-ai/flyai-cli
Require explicit user approval before installation, declare the binary/install requirement in metadata, pin the package version, and provide provenance or a reviewed install spec.
If followed, the agent could make privileged changes to the user's system during a travel search workflow.
The fallback asks for elevated system privileges to install a global package, which exceeds what is clearly necessary for a flight-search task.
# Fails → sudo npm i -g @fly-ai/flyai-cli
Do not run sudo or global installs automatically; ask the user to install manually or use a local, sandboxed, version-pinned dependency.
Travel routes, shipment details, or other sensitive information typed by the user could remain in a local project directory after the task is finished.
The runbook persists raw user queries and execution details to a local hidden-style log file without clear user notice, retention limits, or path scoping.
"user_query": "{raw input}" ... echo '{generation_log_json}' >> .flyai-execution-log.jsonMake logging opt-in, avoid storing raw user input, define a safe storage location and retention policy, and tell users how to delete the log.
Users could misunderstand the booking links as cargo-shipping bookings unless the caveat is shown clearly.
The skill is branded around booking air cargo, but its own template clarifies that the displayed booking links are not actual cargo-booking confirmation.
Results shown are passenger flights. Actual air cargo booking requires contacting the airline cargo department or a freight forwarder.
Keep the cargo limitation visible in every response and avoid implying that the skill directly books cargo freight.