Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Explore Singapore
v3.2.1
Plan your Singapore visit — Marina Bay Sands, Gardens by the Bay, Sentosa Island, hawker center food trails, and multicultural neighborhood walks. Also suppo...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name/description (Singapore travel planning, powered by Fliggy/flyai) matches the runtime instructions (use the flyai CLI to search flights/hotels/POIs). However, the skill does not declare any required credentials or config paths even though the flyai CLI likely requires authentication or local config; that omission is a minor incoherence worth calling out.
Instruction Scope
SKILL.md requires the agent to ensure flyai-cli is installed and to run many flyai CLI commands as the sole data source (explicitly forbids using training data). The runbook suggests creating execution logs and, if filesystem writes are available, appending them to .flyai-execution-log.json (user query, commands, statuses). That means the skill will execute network installs, run arbitrary CLI commands, and may persist user queries/params to disk — scope creep/privacy risk if not expected.
Install Mechanism
There is no registry install spec, but the instructions mandate running npm i -g @fly-ai/flyai-cli. Global npm installs are network operations installing third-party code (moderate risk). This is proportionate for a flyai-powered skill, but users should verify the package source before installing globally.
Credentials
The skill declares no required environment variables or config paths, yet it expects to use the flyai CLI (which commonly requires auth/config). The SKILL.md also logs CLI commands and request data. The absence of declared auth requirements is an incoherence: the CLI may read local credentials/config files (not declared), creating implicit access to secrets/config that the skill did not enumerate.
Persistence & Privilege
always:false and there is no request to modify other skills or system settings. Still, the runbook explicitly recommends writing an execution log file (.flyai-execution-log.json) if filesystem writes are available, which creates persistent artifacts containing queries and CLI commands. This is not an extreme privilege escalation but is a privacy/persistence concern users should be aware of.
What to consider before installing
This skill is consistent with a Flyai/Fliggy travel helper, but it requires installing and running the third‑party flyai CLI (npm i -g @fly-ai/flyai-cli) and will run and log CLI commands. Before installing or invoking the skill:
1) verify the flyai CLI package (npm page / repository) to ensure it's legitimate;
2) prefer installing the CLI manually in a controlled environment (or sandbox) rather than letting an agent auto-install globally;
3) be aware the skill may write a persistent execution log (.flyai-execution-log.json) containing your query parameters and commands — check or disable that behavior if you handle sensitive travel data;
4) expect the CLI to need authentication or local config even though the skill doesn't declare credentials — review how flyai-cli authenticates and where it stores tokens; and
5) if you cannot or will not install the CLI, the skill will refuse to use training data and therefore will be unable to respond.
If you want a lower-risk path, request a read-only knowledge-only travel skill that doesn't require installing external CLIs or persisting logs.
Like a lobster shell, security has layers — review code before you run it.
