Skill v3.2.0

ClawScan security

Explore Europe · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 8, 2026, 2:11 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill consistently instructs the agent to install and rely solely on a third‑party CLI (flyai-cli) and to persist execution logs, but its marketing claims (full booking/reservation) and its declared requirements (no credentials) don't match the runtime instructions — this mismatch and the unvetted npm install instruction merit caution.
Guidance
This skill wraps a third‑party CLI (flyai-cli) and forces the agent to install and rely solely on that CLI for answers. Before installing or enabling it, verify the flyai-cli package and its publisher (look up the npm package and its GitHub repo, check maintainer reputation and postinstall scripts). Expect that the CLI may require a Fliggy/account login or local credentials even though the skill doesn't declare any env vars — plan for where those credentials would be stored. Note the skill advertises booking/reservation features but only documents search commands that return booking links; confirm whether it can actually complete purchases. Finally, avoid letting an agent run global npm installs autonomously — install and test the CLI yourself in a controlled environment first and review any logs written to `.flyai-execution-log.json` for sensitive content.

Review Dimensions

Purpose & Capability
Concern: The description/promotional text claims booking, reservation, train-ticket purchases, and 'powered by Fliggy', but the SKILL.md only documents search commands (search-flight, search-hotel, search-poi, keyword-search) that return links; there are no booking/confirm commands or parameters shown. The skill therefore may overstate its capabilities (marketing vs actual runtime behavior).
Instruction Scope
Concern: Runtime instructions require installing and running the flyai CLI and mandate that the agent use ONLY CLI output (never training data). The SKILL.md also suggests writing an execution log to disk (.flyai-execution-log.json) if file writes are available. The instructions are prescriptive and will cause the agent to perform network installs, run external binaries, and potentially persist logs — all beyond passive knowledge retrieval.
Install Mechanism
Concern: There is no formal install spec in the registry, but SKILL.md instructs global installation via `npm i -g @fly-ai/flyai-cli`. Installing an npm package globally is a moderate-to-high risk action (postinstall scripts, arbitrary code). The skill does not specify a verified source, SHA, or pinned version, and the registry metadata lists no vetted install mechanism — this is a notable risk vector.
Credentials
Concern: The skill declares no required environment variables or credentials, but the flyai CLI likely requires account credentials or local config to return real booking/pricing results. The SKILL.md does not declare or explain what account/config is required, where credentials will be stored, or whether the CLI will prompt for interactive login. This omission is disproportionate to the stated purpose and could lead to unexpected credential usage or prompts.
Persistence & Privilege
Note: always:false (good). However, the runbook explicitly suggests persisting an execution log to `.flyai-execution-log.json` when filesystem writes are available. Persisting detailed request/response logs may expose query content and CLI output on disk; the skill does not describe log retention, location, or privacy controls.