Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Explore Xinjiang
v3.2.0
Discover Xinjiang's vast landscapes — Silk Road heritage, Tianshan mountains, Kanas Lake in autumn, Taklamakan Desert, and Uyghur culture and cuisine. Also s...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (Xinjiang travel itineraries and bookings) matches the instructions: the SKILL.md is a wrapper/orchestrator for the flyai CLI to return flights, hotels, POIs and booking links. Required capabilities (running CLI commands, formatting booking links) are consistent with stated purpose.
Instruction Scope
The runtime instructions require the agent to (a) insist all answers come strictly from flyai CLI output, (b) install flyai-cli if missing and run multiple flyai commands, and (c) log execution (including raw user queries) to .flyai-execution-log.json if filesystem writes are available. The logging of raw queries and CLI call details is scope creep relative to simply answering travel queries and may persist user data locally. The SKILL.md forbids using training data and enforces re-execution loops if its strict output rules aren’t satisfied, which could cause repeated external calls. The instructions themselves do not read unrelated env vars or system files, but they do mandate actions (install, run, log) that affect the agent environment and filesystem.
Install Mechanism
There is no declarative install spec; instead the skill instructs the agent to run `npm i -g @fly-ai/flyai-cli` at runtime if the CLI is missing. Installing a global npm package at runtime means arbitrary code from the npm package (and any install scripts or dependencies) will run on the host. This is a moderate-to-high risk action unless the user trusts the package and its publisher. The skill does not provide a vetted release URL, checksum, or explain what the CLI does under the hood.
Credentials
The skill declares no required environment variables or credentials, which superficially looks minimal. However, the flyai CLI (an external service wrapper) will likely require network access and may prompt for or store authentication credentials/config in the user's home directory or config files — these implicit credentials and config writes are not declared. The absence of declared credentials reduces transparency about what will be needed or stored.
Persistence & Privilege
The skill does not request platform-level privileges or an always:true flag, which is good. But the runbook advises persisting an execution log to .flyai-execution-log.json containing raw user queries, CLI commands, statuses, and request IDs. That creates persistent files of user inputs and metadata on disk. Additionally, installing and running the external CLI may create its own persistent credentials/config in the host environment. Those persistence behaviors are not surfaced as required config and could expose sensitive input over time.
What to consider before installing
Before installing or enabling this skill: (1) Understand it will try to install and run a global npm package (@fly-ai/flyai-cli) and will execute commands on your machine — only proceed if you trust that package and its publisher. (2) The skill may create persistent logs (.flyai-execution-log.json) and the CLI may store credentials/config in your home directory; avoid sending highly sensitive personal data until you inspect how the CLI stores/authenticates. (3) Consider installing and running the flyai-cli manually first to inspect its behavior, permissions, and any prompts, and review the npm package and source repository. (4) If you must use this skill, run it in a sandboxed environment (container or VM) or with a throwaway account, and ask the skill author for explicit documentation about credential handling and log retention. (5) If you need certainty about safety, request the skill’s upstream source/repository and a checksum for the CLI package so you can audit it before granting runtime install permission.
Like a lobster shell, security has layers — review code before you run it.
