castle-hotel
Advisory. Audited by VirusTotal on Apr 24, 2026.
Overview
Type: OpenClaw Skill
Name: castle-hotel
Version: 3.2.0

The skill requires the global installation and execution of an external NPM package (`@fly-ai/flyai-cli`) via `npm i -g` in SKILL.md and references/fallbacks.md. While this is presented as a necessary prerequisite for flight searching, global package installation and CLI execution represent a significant security risk (potential RCE/supply chain attack) if the package is untrusted. There is no explicit evidence of malicious intent or data exfiltration, but the high-privilege requirement and the discrepancy between the stated provider (Fliggy/Alibaba) and the package name warrant caution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may lead the agent to add and run external code on the user's machine before producing travel results.
The skill mandates installing an unpinned external npm package globally at runtime, despite the registry declaring no install spec or required binaries.
"If flyai-cli is not installed, install it first. ... `npm i -g @fly-ai/flyai-cli`"
Require explicit user approval before installation, declare the CLI as a dependency, pin a package version, and prefer a reviewed or sandboxed install path over a global npm install.
The agent may execute local commands and send route/date parameters to the flyai service to retrieve results.
The skill is explicitly designed to run local CLI commands. This is central to its purpose, but users should be aware it is not a passive knowledge-base skill.
"**You are a CLI executor, NOT a knowledge base.** ... `flyai --version` ... `flyai search-flight --origin "{{o}}" --destination "{{d}}"`"
Use only if you trust the flyai CLI/provider and review the commands before allowing execution.
The agent could run additional flyai commands during fallback searches, which may produce less predictable provider queries.
The fallback workflow expands beyond the main search-flight command and uses user-derived text in a CLI query. It remains travel-related, but the command surface is broader than the main parameter table suggests.
"`flyai keyword-search --query "{{origin}} to {{destination}} flight"`"
Keep searches scoped to the user's request and confirm before running broader fallback searches.
