Skill v3.2.1
ClawScan security
Explore Japan · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 9, 2026, 2:33 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally coherent (it wraps a third-party flyai CLI to provide live Japan travel data), but it requires installing and running an external npm CLI and logs execution to disk — actions that increase risk unless you verify the external package and its origin.
- Guidance
  - Before installing or enabling this skill:
    - Verify the flyai CLI and the skill source: ask the publisher for a homepage or repository link (the skill metadata currently lists no homepage/source). Inspect the @fly-ai/flyai-cli npm page and its GitHub repository (read the code and recent maintainer activity) before running npm i -g.
    - Treat global npm installs as potentially dangerous: prefer installing in a sandbox/container or a throwaway VM rather than on a production or sensitive machine.
    - Check what credentials the flyai CLI requires (booking/payment flows can ask for account tokens or credit card details). The skill itself doesn't request env vars, but the CLI may.
    - Confirm logging behavior: the runbook suggests appending an execution log to .flyai-execution-log.json; decide whether you're comfortable storing user queries/requests locally and who can read that file.
    - If you cannot verify the CLI's provenance, decline to install the skill or request the skill author to include a verifiable homepage/repo and a non-global install option.
  - If you want, I can: (1) show how to inspect the npm package and its repository, (2) suggest a safe sandboxed install workflow, or (3) draft questions to ask the skill author to improve provenance and safety.
Review Dimensions
- Purpose & Capability
  - ok: The name/description match the instructions: the SKILL.md consistently instructs the agent to use the @fly-ai/flyai-cli to fetch flights, hotels, POIs and to include booking links. All commands and playbooks align with a travel companion that delegates to a CLI.
- Instruction Scope
  - note: The instructions force the agent to be a CLI executor and to never use training data — every output must come from flyai CLI output. It mandates installing the flyai CLI if absent and requires every result include a [Book]({detailUrl}) link. The runbook also instructs logging execution steps and (if filesystem writable) appending logs to .flyai-execution-log.json. These are coherent with the skill's purpose but increase surface area: reliance on an external binary and local logging may capture or surface sensitive data.
- Install Mechanism
  - concern: The skill has no formal install spec but explicitly instructs installing a global npm package (npm i -g @fly-ai/flyai-cli). Installing global npm packages can execute arbitrary code and changes system state. The manifest provides no homepage/source for either the skill or the referenced CLI, so you can't easily verify the package's provenance from the skill metadata alone.
- Credentials
  - note: The skill declares no required environment variables or credentials (which is proportionate). However, the external CLI it depends on may itself request or use credentials/config files, and the skill's runbook suggests writing logs containing full request & CLI command details — potentially recording user input or identifiers. The skill does not ask for unrelated credentials, which is good.
- Persistence & Privilege
  - note: always:false and no OS restrictions are reasonable. The runbook's example shows optional persistence (.flyai-execution-log.json) if filesystem writes are available; this is a modest persistence behavior but worth noting because it can store queries and command outputs locally. The skill does not request elevated privileges or modify other skills' configurations.
