Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Theme Park Guide
v3.2.0Find and book theme park tickets — Disney, Universal Studios, Happy Valley, Chimelong. Shows real-time availability, pricing, and express pass options. Also...
⭐ 0· 36·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's stated purpose (find and book theme park tickets) matches the SKILL.md's reliance on a flyai CLI for real‑time data. However, the description also claims broad support (flights, hotels, visas, travel insurance) while the SKILL.md focuses only on theme-park CLI commands and references other playbooks without including them. The claimed tie to Fliggy/Alibaba is asserted but not substantiated with a homepage, repo, or documented auth flow.
Instruction Scope
The runtime instructions force all answers to come from the flyai CLI and explicitly require installing and running that CLI if missing. There are no instructions about how authentication with the booking service should be handled (tokens, OAuth, or interactive login), and the skill will likely cause the agent to execute networked commands and potentially prompt for credentials. The rules are strict (must include [Book] links, never use training data) which increases the chance the agent will run the CLI repeatedly or prompt the user for sensitive info.
Install Mechanism
There is no formal install spec in the registry metadata, but SKILL.md directs running `npm i -g @fly-ai/flyai-cli` (global npm install, unpinned). Installing an unverified global npm package is higher risk: it executes third-party code on the user's machine, may persist binaries, and no integrity, version pin, or official source (homepage/repo) is provided to allow vetting.
Credentials
The skill declares no required environment variables or credentials, which is good on its surface. But booking flows typically require authentication; the SKILL.md omits how the CLI authenticates. That gap may lead to the agent asking the user to enter credentials or running the CLI which may store tokens locally — a behavior not accounted for in the manifest and worth confirming before use.
Persistence & Privilege
The skill itself does not request always‑on privileges and does not modify other skills. However, it instructs installing a global CLI which creates persistent binaries on the system and can increase attack surface. This is operationally significant even though 'always' is false.
What to consider before installing
This skill is instruction-only and depends entirely on running an external npm CLI (npm i -g @fly-ai/flyai-cli) that is not linked to an official homepage or repo in the registry metadata. Before installing or using it: 1) verify the npm package and its maintainer (npm page, GitHub repo, release history, package audits); 2) avoid running a global install on sensitive machines — test in a sandbox or VM first; 3) ask the skill author how authentication is handled and whether the CLI will prompt/store credentials; 4) prefer skills that include a homepage/repository and signed releases or pinned versions; 5) if you must use it, do not enter secrets until you confirm the package provenance and review its code. The current gaps (unverified global install + missing auth/provenance) are why this is flagged as suspicious rather than benign.Like a lobster shell, security has layers — review code before you run it.
latestvk970ed2jwvxwy92kbe70bxxf2d84nq9e
License
MIT-0
Free to use, modify, and redistribute. No attribution required.