Flyai Japan Travel
Warn
Audited by ClawScan on May 10, 2026.
Overview
The Japan travel workflow is coherent, but it asks the agent to automatically install a global npm CLI, including a sudo fallback, and to keep hidden logs.
Use this skill only if you are comfortable installing and running the FlyAI CLI. Do not let the agent auto-install it with sudo; verify and install it yourself, preferably in a sandbox. Be aware that your travel search details may be sent to FlyAI/Fliggy and may be kept in background logs.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the CLI is missing, the agent may install and run third-party code on the user's machine, potentially with elevated privileges.
The skill instructs the agent to globally install a third-party npm CLI without asking, and even suggests sudo escalation as a fallback. npm installs can run package lifecycle scripts (preinstall/postinstall) and alter the local system, and the artifact neither requires explicit user approval nor pins a version.
Step 1 → auto-install npm i -g @fly-ai/flyai-cli ... Step 3 → still failing → try: sudo npm i -g @fly-ai/flyai-cli
Do not allow automatic installation. Install the CLI manually only after verifying the package and publisher, pin a known version, avoid sudo, and prefer an isolated environment.
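As an added example (not part of the ClawScan audit or the FlyAI skill), the POSIX sh helper below does two things a reviewer of this finding would want: it lints a runbook excerpt for the two patterns flagged above (sudo escalation and an unpinned global install), and it installs an npm CLI the way the recommendation asks, with an exact version pin, the registry's maintainer and integrity metadata shown for human review, a user-owned prefix instead of sudo, and lifecycle scripts disabled. The runbook excerpt is constructed, and the version number is a placeholder; the install path is only run when a human invokes it explicitly.

```shell
#!/bin/sh
# Added example, not part of the ClawScan audit or the FlyAI skill: a POSIX sh
# helper that (1) lints an agent install runbook for the patterns the finding
# flags (sudo escalation, unpinned global npm install) and (2) installs an npm
# CLI the way the recommendation asks: exact version pin, registry metadata
# shown for human review, user-owned prefix instead of sudo, lifecycle scripts
# disabled. The version below is a placeholder for illustration.

# lint_install_spec TEXT: print one line per risky instruction; return the count.
lint_install_spec() {
    spec=$1; hits=0
    if printf '%s\n' "$spec" | grep -Eq 'sudo +npm'; then
        echo "RISK: sudo escalation for npm install"; hits=$((hits + 1))
    fi
    # global install whose package token carries no @version suffix
    if printf '%s\n' "$spec" | grep -Eq 'npm +(i|install) +-g +(@[^ /]+/)?[^@ ]+( |$)'; then
        echo "RISK: unpinned global npm install"; hits=$((hits + 1))
    fi
    return "$hits"
}

# verify_and_install PACKAGE VERSION [PREFIX]: needs registry access; not run
# by the demo below. Refuses anything that is not an exact semver pin.
verify_and_install() {
    pkg=$1; ver=$2; prefix=${3:-$HOME/.local}
    if ! printf '%s' "$ver" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(-[0-9A-Za-z.-]+)?$'; then
        echo "refusing: '$ver' is not an exact version pin" >&2; return 2
    fi
    echo "== registry metadata for $pkg@$ver (check the publisher before continuing) =="
    npm view "$pkg@$ver" name version maintainers dist.integrity dist.tarball || return 1
    printf 'Install %s@%s into %s with scripts disabled? [y/N] ' "$pkg" "$ver" "$prefix"
    read -r answer
    [ "$answer" = "y" ] || { echo "aborted"; return 3; }
    # --prefix keeps the install user-owned (no sudo); --ignore-scripts stops
    # preinstall/postinstall hooks from running on this machine.
    npm install -g --prefix "$prefix" --ignore-scripts "$pkg@$ver"
}

# Constructed runbook excerpt modelled on the finding (not the skill's text).
SAMPLE='Step 1 -> auto-install: npm i -g @fly-ai/flyai-cli
Step 3 -> still failing -> try: sudo npm i -g @fly-ai/flyai-cli'

lint_install_spec "$SAMPLE" || echo "lint: $? risk(s) found; do not let the agent run this runbook"

# Manual path, run by the human: sh this_script.sh install @fly-ai/flyai-cli 1.2.3
if [ "${1:-}" = "install" ]; then
    verify_and_install "${2:?package}" "${3:?exact version}"
fi
```

With `--prefix "$HOME/.local"` the binary lands in `$HOME/.local/bin`, which must be on PATH; `--ignore-scripts` means a package whose `bin` depends on a build step in a postinstall hook will need that step reviewed and run by hand, which is the point.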
The agent may run external travel searches and return booking links based on the user's itinerary details.
The skill directs the agent to run several FlyAI CLI searches. This is expected for travel planning and no automatic purchase is shown, but it still means user trip parameters may be sent to the travel provider.
Full-itinerary orchestration flow (6+ commands) ... flyai search-flight ... flyai search-hotels ... flyai search-poi
Review the search details before allowing commands to run, and treat booking links as third-party commercial links.
Travel details such as origin city, dates, and itinerary preferences could be retained in background logs without clear user visibility.
The runbook asks the agent to keep a non-user-visible structured log containing the raw user query and command history, but it does not define storage location, retention, or whether logs are session-only.
The agent maintains this structured log in the background and does not output it to the user ... "user_query": "{raw input}" ... each CLI call → record `command` + `status` + `latency_ms`
Make logging explicit, keep it session-scoped, avoid storing raw user queries when possible, and disclose any retention or sharing.
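As an added example (not the skill's runbook and not ClawScan's code), the POSIX sh helper below shows what a log that meets this recommendation looks like: it keeps the command, status and latency fields the runbook asks for, stores a fingerprint of the user query instead of the raw text, lives in a per-session temporary directory that is deleted when the shell exits, and prints its location to the user up front. The travel query is constructed, `echo` stands in for the real `flyai` CLI, and latency is recorded in whole seconds because `date +%s` is what POSIX sh guarantees.

```shell
#!/bin/sh
# Added example, not part of the ClawScan audit or the FlyAI skill: a
# session-scoped CLI call log that records command/status/latency without
# retaining the raw user query, and discloses where it lives and when it dies.

# session_log_init: create a per-session log directory removed on shell exit.
session_log_init() {
    LOG_DIR=$(mktemp -d) || return 1
    LOG_FILE="$LOG_DIR/cli-calls.jsonl"
    trap 'rm -rf "$LOG_DIR"' EXIT
    echo "session log: $LOG_FILE (session-only, deleted on exit)"
}

# query_fingerprint TEXT: SHA-256 prefix plus length, enough to correlate the
# calls of one session without keeping what the user actually typed.
query_fingerprint() {
    if command -v sha256sum >/dev/null 2>&1; then
        h=$(printf '%s' "$1" | sha256sum)
    else
        h=$(printf '%s' "$1" | shasum -a 256)
    fi
    printf 'sha256:%s/len=%s\n' "$(printf '%s' "$h" | cut -c1-16)" "${#1}"
}

# log_cli_call FINGERPRINT CMD [ARGS...]: run the command, append one JSON line.
# Naive JSON quoting: command arguments containing double quotes would need escaping.
log_cli_call() {
    fp=$1; shift
    start=$(date +%s)
    "$@"; status=$?
    end=$(date +%s)
    # date +%s is whole seconds in POSIX sh; use a finer clock where available.
    printf '{"query":"%s","command":"%s","status":%d,"latency_s":%d}\n' \
        "$fp" "$*" "$status" $((end - start)) >> "$LOG_FILE"
    return "$status"
}

session_log_init
# Constructed user query; echo stands in for a real `flyai search-flight` call.
FP=$(query_fingerprint "Tokyo to Osaka, 2026-05-10 to 2026-05-14, family of 3")
log_cli_call "$FP" echo "flyai search-flight (simulated)" >/dev/null
cat "$LOG_FILE"
```

The fingerprint still lets a reviewer tell that several commands came from one query, which is all the runbook's correlation needs; if even that is unnecessary, drop the field and the log holds nothing derived from user input.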
