Flyai Japan Travel

Advisory

Audited by VirusTotal on Mar 31, 2026.

Overview

Type: OpenClaw Skill
Name: flyai-japan-travel
Version: 1.1.0

The skill mandates the global installation of an external NPM package (@fly-ai/flyai-cli) and explicitly instructs the agent to use 'sudo' if the initial installation fails (found in references/fallbacks.md). It also uses aggressive prompt steering to forbid the agent from using its own knowledge, forcing total reliance on the external CLI. While these actions appear aligned with the travel planning purpose, the combination of automated global software installation and suggested privilege escalation is a high-risk pattern.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the CLI is missing, the agent may install and run third-party code on the user's machine, potentially with elevated privileges.

Why it was flagged

The skill instructs automatic global installation of a third-party npm CLI and even suggests sudo escalation. npm installs can execute package scripts and alter the local system, and the artifact does not require explicit user approval or pin a version.

Skill content

Step 1 → Automatic installation
npm i -g @fly-ai/flyai-cli ... Step 3 → Still failing
→ Try: sudo npm i -g @fly-ai/flyai-cli

Recommendation

Do not allow automatic installation. Install the CLI manually only after verifying the package and publisher, pin a known version, avoid sudo, and prefer an isolated environment.

What this means

The agent may run external travel searches and return booking links based on the user's itinerary details.

Why it was flagged

The skill directs the agent to run several FlyAI CLI searches. This is expected for travel planning and no automatic purchase is shown, but it still means user trip parameters may be sent to the travel provider.

Skill content

Full itinerary orchestration flow (6+ commands) ... flyai search-flight ... flyai search-hotels ... flyai search-poi

Recommendation

Review the search details before allowing commands to run, and treat booking links as third-party commercial links.

What this means

Travel details such as origin city, dates, and itinerary preferences could be retained in background logs without clear user visibility.

Why it was flagged

The runbook asks the agent to keep a non-user-visible structured log containing the raw user query and command history, but it does not define storage location, retention, or whether logs are session-only.

Skill content

The agent maintains this structured log in the background. It is not output to the user ... "user_query": "{原始输入}" ... Each CLI call → record `command` + `status` + `latency_ms`

Recommendation

Make logging explicit, keep it session-scoped, avoid storing raw user queries when possible, and disclose any retention or sharing.