Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Book Museum Passes & Tickets — Museum Entry, Exhibition Access, Gallery Tours & Culture Passes
v3.2.0
Find museums, art galleries, and exhibitions in any city. Many are free but require advance reservation — get ticket links and visiting tips. Also supports:...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The description advertises broad travel capabilities (flights, hotels, Fliggy/Alibaba integration) but the SKILL.md only documents museum/gallery/exhibition POI searches using a local 'flyai' CLI. The 'Powered by Fliggy' claim isn't substantiated by commands or declared credentials. This mismatch could be innocent (marketing language) but is unexplained.
Instruction Scope
The instructions mandate executing the @fly-ai/flyai-cli tool for every query and forbid using any offline/training-data answers; they also direct creating a persistent execution log file (.flyai-execution-log.json) when filesystem writes are available. Running and relying exclusively on an external CLI means data (user queries, parameters, maybe PII) will be sent to whatever backend that CLI communicates with. The SKILL.md does not document what the CLI does with data or how it is authenticated.
Install Mechanism
There is no registry install spec — the SKILL.md instructs a runtime global npm install (npm i -g @fly-ai/flyai-cli). A global npm install executed by the agent (or recommended to the user) installs third-party code with network/file access. The package source, homepage, or checksum is not provided, increasing supply-chain risk.
Credentials
The skill declares no required environment variables or credentials, yet it expects to call a networked CLI that likely requires account authentication (Fliggy integration claim). The absence of declared credentials or explicit auth flow is inconsistent and means the CLI may rely on undocumented local config or prompt flows — a hidden dependency on credentials and persisted tokens.
Persistence & Privilege
always: false (good), but the runbook explicitly suggests appending execution logs to a local file (.flyai-execution-log.json). That means the skill will persist user queries and CLI responses to disk if filesystem access is available. Combined with installing a global package, this grants moderate persistent footprint and potential exposure of user data.
What to consider before installing
Before installing or enabling this skill, consider the following:
(1) verify the @fly-ai/flyai-cli package on npm (homepage, publisher, source code, recent activity) and confirm it is the intended, trustworthy client for any Fliggy integration;
(2) ask the skill author to document the CLI's network endpoints, authentication method, and privacy policy (where are queries sent, and where are tokens stored);
(3) prefer skills that declare install specs and required credentials explicitly in the registry metadata;
(4) avoid allowing the agent to run global npm installs or write persistent logs on your primary environment — test in a sandbox first;
(5) if you need only museum search capabilities, consider using a skill whose scope and requirements match exactly (no undocumented travel features or implicit external CLIs).
Providing the CLI package URL, publisher info, or an official homepage for this skill would materially reduce the risk and could move this assessment toward benign.
