Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Explore Thailand

v3.2.1

Plan your Thailand adventure — Bangkok temples and street food, Chiang Mai elephants and night bazaar, Phuket beaches, Koh Samui islands, and Thai massage. A...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (Thailand travel planning) match the instructions: the skill is explicitly a wrapper/orchestrator for flyai-cli to provide real-time flights, hotels, POIs and booking links. There are no unrelated environment variables, binaries, or config paths requested that would contradict the travel purpose.
Instruction Scope
SKILL.md tightly constrains behavior to running flyai CLI commands and formatting their JSON output; it explicitly forbids answering from training data and requires every result to include a booking link. The instructions also require logging execution (request_id, user_query, CLI calls) and re-executing until a [Book](...) link is present — this can cause repeated network calls and will record raw user input (possibly PII) into a local log file. The instructions do not reference unrelated system files or credentials, but they do assume the agent can run npm and the flyai CLI.
Install Mechanism
The skill is instruction-only (no install spec in registry), but it instructs runtime installation via `npm i -g @fly-ai/flyai-cli`. Installing a public npm CLI globally is a reasonable way to obtain a client, but global npm installs can run package scripts (postinstall) and execute code with user privileges. The package provenance (publisher, npm/GitHub project) should be verified before allowing an agent to install it automatically.
Credentials
No environment variables, credentials, or config paths are declared or required by the skill, which is consistent with a CLI-driven workflow where the CLI handles auth. However, the runbook logs include the raw user query and could persist sensitive data locally; the skill does not declare any secret access, which aligns with its stated purpose.
Persistence & Privilege
`always` is false and the skill doesn't request elevated privileges. It does instruct writing an execution log file (.flyai-execution-log.json) if filesystem writes are available — this is reasonable but creates persistent files containing user queries and CLI call metadata. Consider where these logs would be stored and who can read them.
Assessment
This skill appears to do what it says: it wraps a third-party CLI (flyai-cli) to fetch live travel data and booking links. Before installing or letting an agent run it automatically:
1) verify the flyai-cli package and its publisher (npm page, GitHub repo, and community trust);
2) prefer installing the CLI manually in a sandbox or VM first to inspect postinstall behavior;
3) be aware the skill may write a local execution log containing your raw query (which can include PII) — decide whether that is acceptable or change the working directory to a safe location;
4) expect the agent to make network calls and possibly re-run CLI commands until booking links are returned, which could increase traffic;
5) if you do not trust the flyai-cli publisher, decline to install and ask the agent for an offline/manual itinerary instead.
