Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Solo Trip
v3.2.0
Plan solo travel adventures — safe destinations, social hostels, solo-friendly activities, and tips for meeting fellow travelers on the road. Also supports:...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (medium confidence)
Purpose & Capability
The skill claims to provide real-time travel bookings and names Fliggy (Alibaba Group) as the backend; requiring a CLI (flyai) to get live data is consistent with that purpose. However, the SKILL.md does not declare any credentials or explain how the CLI authenticates to Fliggy (or whether it will prompt for user credentials), which is a missing piece of justification.
Instruction Scope
The runtime instructions mandate installing and invoking @fly-ai/flyai-cli and require every answer to come exclusively from that CLI. The runbook also instructs the agent to create an internal execution log and suggests writing it to .flyai-execution-log.json if filesystem writes are available. These steps broaden scope to installing software, accessing network endpoints, and persisting potentially sensitive user queries and command outputs to disk.
Install Mechanism
There is no registry install spec, but the SKILL.md explicitly tells the agent to run a global npm install (npm i -g @fly-ai/flyai-cli) at runtime if the CLI is missing. That causes arbitrary code to be fetched and installed from the npm registry during execution — a moderate-to-high risk operation that is not vetted by the skill manifest and is executed without prior user-declared approval in the metadata.
Credentials
The skill declares no required environment variables, but the flyai CLI will likely need authentication to book or access live pricing. The SKILL.md does not explain where credentials come from or how they are protected. Additionally, the runbook/logging behavior may capture and persist user queries, commands run, and results — potentially containing PII or booking credentials — without describing retention or access controls.
Persistence & Privilege
The skill is not always-on and does not request special platform privileges. However, it instructs the agent to persist an execution log to disk when possible. Writing .flyai-execution-log.json with raw user_query and CLI outputs increases persistence and local data exposure; this is a notable behavior even if limited to the skill's own logs.
What to consider before installing
This skill is coherent as a CLI-driven travel planner, but it asks the agent to install and run a third-party npm CLI at runtime and to persist execution logs. Before installing or using it: (1) verify the @fly-ai/flyai-cli package and publisher on the npm registry (check package maintainers, versions, and reviews); (2) prefer to install the CLI yourself (not let the agent run npm i -g) so you control installation and can inspect what is installed; (3) confirm how the CLI authenticates to Fliggy and whether any credentials or tokens are required — don't provide secrets unless you trust the CLI and understand where they are stored; (4) ask whether execution logs will be stored locally and what they contain; if you need stronger assurances, decline or sandbox the skill (require explicit approval before any install or filesystem write).
