Skill v3.2.0

ClawScan security

graduation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 25, 2026, 10:38 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill mostly matches a flight-booking purpose but contains incoherent and potentially risky execution instructions (an undeclared global npm install, on-disk logging, and a possible mismatch between the claimed provider and the CLI it requires).
Guidance
This skill is plausible for booking graduation travel, but before installing or enabling it you should: (1) verify the @fly-ai/flyai-cli package source (npm page, repository, maintainer) and inspect its code or audit logs — npm packages run arbitrary code at install/runtime; (2) consider running the skill in a sandboxed/container environment rather than on your primary machine; (3) be aware the skill will persist an execution log (.flyai-execution-log.json) that may contain user input — delete or audit that file if you proceed; (4) ask the publisher to add a formal install spec and declare the required binary in the skill metadata and to justify the “Powered by Fliggy” claim if the CLI is unrelated; (5) if you cannot validate the CLI's behavior and telemetry, avoid installing globally and prefer a vetted provider or a skill with no install step.

Review Dimensions

Purpose & Capability
concern · The skill claims to book graduation-trip travel (flights, hotels, etc.), which fits the CLI commands shown, but it requires installing and using a @fly-ai/flyai-cli tool that is not declared in the skill metadata (no required binaries, no install spec). The description also says “powered by Fliggy (Alibaba Group)” while the runtime relies on a package named @fly-ai/flyai-cli — this mismatch is unexplained.
Instruction Scope
concern · SKILL.md forces the agent to source every answer from flyai CLI output and to install that CLI if missing. It also instructs writing an execution log to .flyai-execution-log.json (`echo ... >>`) if filesystem writes are available. These runtime actions (global npm install, persistent log writes) go beyond simple read-only queries and could persist sensitive user input.
Install Mechanism
concern · There is no formal install spec in the registry, yet SKILL.md instructs running `npm i -g @fly-ai/flyai-cli`. Installing a global npm package executes third-party code on the host and is higher risk; the registry did not declare this dependency. The skill is effectively encouraging an external package install without provenance or vetting guidance.
Credentials
note · The skill requests no environment variables or credentials in metadata, which is appropriate for a simple instruction-only skill. However, the flyai CLI may itself require or prompt for credentials or send data to external services; that is not declared. The runbook's persistent logging could capture queries (including PII) and store them locally.
Persistence & Privilege
concern · The skill does not request `always:true`, but it explicitly instructs installing a global binary and persisting execution logs to disk. Global installs and persistent logs increase the skill's system footprint and persistence beyond a single invocation.