Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Top Attractions
v3.2.0Discover the most popular and highest-rated attractions in any city. Shows top-tier POIs with ticket prices, opening hours, and booking links. Also supports:...
⭐ 0· 30·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The description claims 'Powered by Fliggy (Alibaba Group)' and broad support (flights, hotels, insurance, etc.), but the instructions only call a third-party CLI 'flyai' and show POI search commands. There is no homepage or vendor info, and no declared credentials for Fliggy. The Fliggy branding vs 'flyai' CLI is a mismatch and the broader claimed capabilities are not justified by the provided commands.
Instruction Scope
Runtime instructions strictly require running the flyai CLI and forbids using training data. They do not instruct reading arbitrary system files, but the runbook suggests creating/writing .flyai-execution-log.json containing the raw user_query and CLI call logs, which could persist sensitive user input. The instructions also insist on re-executing until every result includes a [Book]({detailUrl}) link — this enforces repeated network/CLI calls.
Install Mechanism
The skill has no registry install spec but instructs the agent to run 'npm i -g @fly-ai/flyai-cli'. Installing a global npm package is a moderate-risk operation (downloads and executes third-party code). The package name is not a well-known vendor in the manifest, and no checksum or verified release source is provided — verify the npm package and its code before installing.
Credentials
The skill declares no required credentials or env vars, yet promises booking links and other transactional features. It may rely entirely on the external CLI for auth, but that is unspecified. The lack of declared credentials is not necessarily malicious, but combined with unknown CLI provenance and Fliggy branding inconsistency it warrants caution.
Persistence & Privilege
always:false and no system-wide privileges are requested. However, the runbook explicitly suggests appending logs to .flyai-execution-log.json in the working directory, which gives the skill write persistence in the user's environment and may store user-provided queries. This is limited but should be considered before granting autonomous invocation.
Scan Findings in Context
[no_regex_findings] expected: The static regex scanner found nothing — expected because this is an instruction-only skill with no code files. Lack of findings is not proof of safety; the SKILL.md itself contains the behavior of concern (npm install instruction, CLI usage, logging).
What to consider before installing
This skill is suspicious but not obviously malicious. Before installing or enabling it: 1) Verify the source of the '@fly-ai/flyai-cli' package on npm (inspect the package code, maintainer, and recent releases). 2) Ask the skill author for a homepage or vendor contact and clarification about the Fliggy claim and how bookings/authentication work. 3) If you must try it, run the CLI install and skill in a sandboxed environment (container or VM) and review any files it writes (e.g., .flyai-execution-log.json). 4) Consider disabling autonomous invocation unless you trust the CLI package and want the agent to run networked commands without prompting.Like a lobster shell, security has layers — review code before you run it.
latestvk9715z96neryn6n2tg9wz20t0d84q5eb
License
MIT-0
Free to use, modify, and redistribute. No attribution required.