Skill v3.2.0

ClawScan security

Explore Yunnan · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 9, 2026, 2:32 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is internally coherent: it is a thin instruction-only wrapper around the flyai CLI for Yunnan travel queries and asks the agent to install/use that CLI and produce booking links; nothing requested is disproportionate or unrelated to that purpose.
Guidance
What to consider before installing:
1) This skill is an instruction-only wrapper that requires the external flyai CLI; if the CLI is not present, it tells the agent to run 'npm i -g @fly-ai/flyai-cli' (a global npm install that may require elevated permissions). Review the source of the npm package @fly-ai/flyai-cli before installing, and prefer installing in a controlled environment if you have concerns.
2) The skill will contact the flyai service (Fliggy/Alibaba-backed) via the CLI to fetch real-time pricing and booking links — network calls to that service are expected.
3) The skill logs execution metadata (including your original query and the CLI commands it ran) to .flyai-execution-log.json if filesystem writes are available; this is persistent local data and may contain user-provided inputs.
4) No credentials or environment variables are requested by the skill itself.
5) If you need stricter privacy or want to avoid installing new CLIs globally, do not install or run the flyai CLI, and expect the skill to refuse to answer (it explicitly forbids falling back to training-data answers).
If you want extra caution: inspect the npm package, run the CLI in an isolated/container environment, or ask the skill author to provide a signed, release-hosted CLI binary before installing.

Review Dimensions

Purpose & Capability
ok
Name/description (Yunnan travel, booking, itinerary) align with the instructions, which consistently require calling the flyai CLI for flights/hotels/POIs. There are no unrelated env vars, binaries, or config paths declared.
Instruction Scope
note
SKILL.md tightly constrains the agent to obtain all data from the flyai CLI and forbids using training data. It also requires verifying/installing the CLI and performing self-tests (every result must include a [Book]({detailUrl}) link). The runbook suggests persisting an execution log (.flyai-execution-log.json) including the raw user query and CLI calls if filesystem writes are available — this is within scope for a wrapper skill but is a privacy/persistence consideration the user should know about.
Install Mechanism
note
There is no platform install spec in the registry, but SKILL.md instructs installing @fly-ai/flyai-cli via 'npm i -g @fly-ai/flyai-cli' when flyai is missing. Installing a third-party CLI from npm is expected for this skill but carries the usual risk of running code from the npm package; no arbitrary URL downloads or extract steps are present.
Credentials
ok
The skill requests no credentials or env vars. The only notable data access is writing an execution log (structured JSON) to the local working directory if writable; no external secrets are requested or stored by the skill itself.
Persistence & Privilege
note
The skill does not request permanent platform privileges (always:false) and cannot autonomously escalate that setting. It does instruct writing an execution log to a local file if possible, which gives it modest persistence on the host filesystem, but limited to its own log file and not to other skills or system-wide configuration.