Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Couple Romantic Stay
v3.2.0
Find romantic hotels for couples — king-size beds, scenic views, intimate atmosphere, and special couple amenities like champagne and spa packages. Also supp...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Scanner: OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The skill claims to be 'powered by Fliggy (Alibaba Group)' and to provide real-time booking links, which plausibly requires a live API client. However, the package it mandates, @fly-ai/flyai-cli, is not declared in the registry metadata: the metadata lists no required binaries or install steps, yet SKILL.md mandates installing a global npm CLI. That undocumented external dependency is out of proportion to what the metadata declares.
Instruction Scope
SKILL.md requires the agent to use only flyai CLI outputs and never its training data; it requires re-running CLI calls until every result contains a [Book]({detailUrl}) link and includes a brand tag. The runbook also instructs the agent to create a per-request log (including the raw user_query) and append it to .flyai-execution-log.json whenever filesystem writes are available. These steps involve reading user input, making external network calls, and persisting potentially sensitive data to disk: behaviors that go beyond a simple query/response skill and are not explained in the metadata.
Install Mechanism
There is no declared install spec in the registry, but the runtime instructions require executing 'npm i -g @fly-ai/flyai-cli' when flyai is missing. Installing a global npm package is a moderate-to-high-risk action: it downloads and executes third-party code (including any install scripts) system-wide. Because the install requirement is embedded only in SKILL.md and not in the metadata, users and hosts cannot pre-audit the declared install step via the registry, which is an inconsistency that increases risk.
Credentials
The skill declares no required environment variables or primary credential, but the flyai CLI presumably needs API credentials or authentication to fetch real-time pricing and booking links — none of this is declared. Additionally, the runbook asks to log user_query and command outputs; storing such data locally (or the CLI sending it over the network) could expose sensitive info. The skill also mandates using 'detailUrl' links in user output; there is no indication of which domain those URLs point to or whether they include tracking/auth tokens.
Persistence & Privilege
The skill does not request always:true or system-wide configuration changes, but it does instruct writing an execution log file (.flyai-execution-log.json) if filesystem writes are available and to globally install a CLI. Both actions create persistent artifacts on the host that are not declared in metadata. This persistence is plausible for debugging/audit but should have been declared and scoped.
What to consider before installing
This skill is internally inconsistent in ways that increase risk: SKILL.md requires installing a global npm CLI (@fly-ai/flyai-cli) and insists on using only that CLI's outputs, but the registry metadata lists no required binaries or credentials. Before installing or using this skill:
1) Ask the publisher for an explicit install spec and for the exact npm package homepage/repository so you can inspect the source.
2) Verify whether the flyai CLI requires API keys or a login, and ensure any credentials are limited in scope and not stored in plain text.
3) Run the CLI package in a sandbox or VM first and audit its network activity and the files it writes (look for .flyai-execution-log.json or other persisted logs).
4) Confirm which domains the detailUrl links point to and whether they carry tracking parameters or tokens.
5) If you must proceed, avoid a global install (use a container or an isolated environment) and require the skill author to declare dependencies and permissions in the registry.
These steps reduce the chance of unexpected data exfiltration or unwanted persistent changes.
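Steps 3 and 4 above call for inspecting the log file the skill may write and the detailUrl links it returns. The following is an added example, not code from ClawHub, the OpenClaw scanner, or the skill itself, that does both offline on constructed samples: it pulls every [Book](...) link out of a skill response, checks the host against an assumed allow-list, flags query parameters that look like session tokens or tracking IDs (by name, or by length and entropy when unnamed), and counts sensitive fields in a .flyai-execution-log.json-style log. The allow-list, the parameter-name sets, the entropy threshold, and the sample data are all assumptions.

```python
"""Offline audit helpers for reviewing a skill's [Book](detailUrl) links and
its .flyai-execution-log.json. Added example; sample data is constructed."""
import json
import math
import re
from collections import Counter
from urllib.parse import parse_qs, urlparse

# Assumed: parameter names that usually carry session or credential material.
CREDENTIAL_PARAMS = {"token", "auth", "key", "apikey", "api_key", "sid", "session", "uid"}
# Assumed: common tracking-parameter prefixes.
TRACKING_PREFIXES = ("utm_", "fbclid", "gclid", "affid", "ref")

# The runbook's mandated link format: a literal [Book] followed by the URL.
MARKDOWN_BOOK_LINK = re.compile(r"\[Book\]\((?P<url>[^)\s]+)\)")


def shannon_entropy(s: str) -> float:
    """Bits per character; opaque tokens and hashes score near log2(alphabet size)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def audit_links(skill_output: str, allowed_hosts: set[str]) -> list[dict]:
    """Extract every [Book](url) link and report its host and suspicious query params."""
    findings = []
    for m in MARKDOWN_BOOK_LINK.finditer(skill_output):
        url = m.group("url")
        parts = urlparse(url)
        host = parts.hostname or ""
        issues = []
        if parts.scheme != "https":
            issues.append("non-https")
        if host not in allowed_hosts and not any(host.endswith("." + h) for h in allowed_hosts):
            issues.append(f"unexpected host {host}")
        for name, values in parse_qs(parts.query, keep_blank_values=True).items():
            lname = name.lower()
            if lname in CREDENTIAL_PARAMS:
                issues.append(f"possible credential/session param {name}")
            elif lname.startswith(TRACKING_PREFIXES):
                issues.append(f"tracking param {name}")
            elif any(len(v) >= 20 and shannon_entropy(v) > 3.5 for v in values):
                # Unnamed but opaque: long high-entropy values are often tokens too.
                issues.append(f"high-entropy value in {name}")
        findings.append({"url": url, "host": host, "issues": issues})
    return findings


def _walk_keys(obj):
    """Yield every key at any depth of a decoded JSON value."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield k
            yield from _walk_keys(v)
    elif isinstance(obj, list):
        for item in obj:
            yield from _walk_keys(item)


def audit_log(log_text: str, sensitive_keys=("user_query", "command_output", "api_key", "token")) -> dict:
    """Count how often sensitive fields appear in an execution log (JSON array or object)."""
    entries = json.loads(log_text)
    return dict(Counter(k for k in _walk_keys(entries) if k in sensitive_keys))


# Constructed sample of a skill response in the runbook's required format.
SAMPLE_OUTPUT = """\
1. Seaside Suite, king bed, ocean view. [Book](https://hotel.example.com/detail/123?utm_source=agent&sid=abc123def456ghi789jkl012)
2. Spa Retreat, couples package. [Book](http://cdn.example.net/go?u=9f8e7d6c5b4a39281706f5e4d3c2b1a0)
"""

# Constructed sample of a .flyai-execution-log.json as the runbook describes it.
SAMPLE_LOG = json.dumps([
    {"ts": "2024-01-01T00:00:00Z", "user_query": "romantic hotel Paris anniversary",
     "command": "flyai ...", "command_output": "..."},
    {"ts": "2024-01-01T00:00:05Z", "user_query": "same, but cheaper", "error": "timeout"},
])

if __name__ == "__main__":
    for f in audit_links(SAMPLE_OUTPUT, {"hotel.example.com"}):
        print(f["host"], f["issues"] or "ok")
    print(audit_log(SAMPLE_LOG))
```

Run it against the real skill's output (captured in the sandbox from step 3) and the real log file; any "unexpected host", credential-looking parameter, or user_query hit is a finding to raise with the publisher before proceeding.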
