Skill v3.2.0
ClawScan security
Explore Bali · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 8, 2026, 2:10 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it declares a travel-planning purpose and only requires the flyai CLI (installed via npm) to fetch real-time booking data; there are no unrelated credentials or hidden endpoints requested.
- Guidance: This skill appears to do what it says: it wraps the flyai CLI to fetch real-time travel results and booking links. Before installing or using it: (1) Verify the provenance of the flyai CLI package on npm (confirm it's the official @fly-ai package or from a trusted publisher) because the skill instructs you to run npm i -g; (2) Be aware the skill may write an execution log (.flyai-execution-log.json) to the current working directory if filesystem writes are available; review those logs if you care about local persistence of query data; (3) The agent will refuse to answer from its training data and will only return CLI-sourced outputs, so expect failures if you cannot install or run the CLI or if network access is restricted; (4) If you want to reduce risk, install and test the flyai CLI in a controlled environment (container or VM) before granting it to your agent. If you need me to, I can list specific checks to verify the flyai CLI package (npm publisher, homepage, source repo) or summarize what the CLI likely calls over the network.
Review Dimensions
- Purpose & Capability (ok): The name/description (Bali trip planning) aligns with the instructions: the SKILL.md consistently directs the agent to use the flyai CLI to search flights, hotels, and POIs and produce booking links. Nothing in the files requests unrelated credentials, binaries, or system access that would be out of scope for travel planning.
- Instruction Scope (note): The SKILL.md enforces strict runtime rules: the agent must only use flyai CLI outputs (never training data), must install the CLI if missing, and must include a [Book]({detailUrl}) link for every result. It also documents an internal execution log schema and suggests appending logs to .flyai-execution-log.json if file-system writes are available. These behaviors are coherent with the skill's purpose but are operational constraints you should be aware of (possible local log writes and a hard dependency on the CLI).
- Install Mechanism (note): No formal install spec is embedded in the package (instruction-only), but the runtime instructions require running npm i -g @fly-ai/flyai-cli. Installing a global npm package is reasonable for a CLI-based skill, but it carries the usual trust/risk posture of running third-party npm packages (ensure the package is from a legitimate source before installing).
- Credentials (ok): The skill requests no environment variables, no credentials, and no config paths. All required inputs are user-provided parameters for the flyai CLI. This is proportionate to a travel-booking skill.
- Persistence & Privilege (note): The skill is not always-enabled and uses normal autonomous invocation settings. The runbook suggests persisting an execution log (appending to .flyai-execution-log.json) if file writes are available; this is reasonable for auditing but will create files in the working directory and could contain user queries/parameters. No other elevated privileges or cross-skill config modifications are requested.
