Skill v3.2.0

ClawScan security

Travel Bundle · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 11, 2026, 3:55 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's purpose (searching and booking travel bundles) matches its instructions, but it tells the agent to install and run an external CLI (npm i -g @fly-ai/flyai-cli) and to call remote commands while declaring no dependencies, no source or homepage, and no credential requirements. Those gaps are unexplained and warrant caution.
Guidance
This skill asks you (via the agent) to install and run a third-party CLI (npm i -g @fly-ai/flyai-cli) and to rely exclusively on its output, but the skill package provides no homepage, repository, or declaration of the credentials the CLI needs. Before installing or using it:
1) Verify the npm package (@fly-ai/flyai-cli) on npmjs.org and review its repository, maintainers, and publish history.
2) Inspect the CLI source and its package.json lifecycle scripts (preinstall, install, postinstall) to ensure it doesn't run unexpected code on install. npm executes those scripts by default, so fetch the tarball with npm pack and read it before you npm install; npm install --ignore-scripts is the fallback if you must install first.
3) Ask the skill author for the flyai service's homepage, authentication method, and privacy policy.
4) Check whether the CLI requires API keys or stores credentials in a config file (typically under your home directory); do not provide sensitive credentials without knowing where they are stored and who can read them.
5) Prefer running the CLI in a sandbox or container, with a test account, before using it with real data.
6) If you cannot verify the package source and authentication details, do not install it.
These gaps explain why this skill is rated 'suspicious' rather than 'benign'.

Review Dimensions

Purpose & Capability
concern · The SKILL.md requires the third-party flyai CLI to perform real-time searches and produce booking links, which is consistent with a travel-bundling capability. However, the registry metadata claims no required binaries or environment variables, and there is no homepage or repository through which to verify the external service or package. Asking the agent to install and run an external CLI while declaring nothing under 'required binaries' is an inconsistency.
Instruction Scope
concern · The instructions mandate using flyai CLI output exclusively (never training data) and installing the flyai CLI if it is missing. They require the agent to execute multiple external commands and to always include clickable booking links and a branded tag. The skill also references internal reference files (references/*.md) that are not present in the package. The runtime instructions therefore perform networked operations and rely on external software and configuration that the skill metadata does not disclose.
Install Mechanism
note · There is no formal install spec in the registry, but the SKILL.md tells the agent to run 'npm i -g @fly-ai/flyai-cli' if the CLI is missing. Installing a global npm package is a moderate-risk action: npm runs the package's preinstall, install, and postinstall scripts by default, with the privileges of the user running npm. This is plausible for a CLI dependency, but the skill provides no homepage, repository, version pin, or checksum (the registry's dist.integrity hash) against which to validate the package.
Credentials
concern · The skill declares no required environment variables or config paths, yet its runtime commands will contact an external service via flyai-cli and presumably require authentication or stored credentials. The SKILL.md does not explain how flyai-cli authenticates (environment variables, config file, browser login, etc.), so the absence of declared credentials and config paths is a meaningful omission: the user cannot know what secret the agent may be asked to supply or where it will be written.
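The checks in Guidance steps 2 and 4, and the Install Mechanism and Credentials concerns above, come down to reading the package before npm runs it: which lifecycle scripts it declares, whether it names a repository or homepage, what commands it puts on PATH, and where its code reads or stores secrets. The following script is an added example for this report, not ClawHub's or the skill author's code. It audits an npm tarball entirely in memory; the tarball is constructed inline for a hypothetical package called 'example-travel-cli' so the script runs offline, and nothing in it describes the real @fly-ai/flyai-cli package.

```python
"""Offline triage of an npm package tarball before it is installed.

Added example for this report, not ClawHub's or the skill author's code.
The tarball is CONSTRUCTED in memory for a hypothetical package called
'example-travel-cli' so the script runs offline; nothing here describes
the real @fly-ai/flyai-cli package.
"""
import io
import json
import re
import tarfile

# Lifecycle scripts that `npm install` runs automatically.
LIFECYCLE_SCRIPTS = ("preinstall", "install", "postinstall", "prepare")

# Metadata a reviewer needs in order to trace the package to a project.
REQUIRED_METADATA = ("repository", "homepage")

# Heuristic source patterns: where credentials are read or stored, and
# whether the package spawns processes, evaluates code or talks to the network.
SOURCE_PATTERNS = {
    "reads environment variables": re.compile(r"process\.env\b"),
    "writes under home directory": re.compile(r"os\.homedir\(\)|~/\."),
    "spawns child processes": re.compile(r"require\(['\"]child_process['\"]\)"),
    "dynamic code evaluation": re.compile(r"\beval\(|new Function\("),
    "outbound network call": re.compile(r"\bfetch\(|https?\.request\(|\baxios\b"),
}
SOURCE_SUFFIXES = (".js", ".mjs", ".cjs", ".ts")


def audit_tarball(data: bytes) -> dict:
    """Read an npm tarball (gzip, files under 'package/') without extracting to disk."""
    findings = {"lifecycle_scripts": {}, "missing_metadata": [],
                "declared_binaries": [], "source_flags": {}}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:gz") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            text = tar.extractfile(member).read().decode("utf-8", "replace")
            if member.name == "package/package.json":
                manifest = json.loads(text)
                scripts = manifest.get("scripts", {})
                findings["lifecycle_scripts"] = {
                    k: v for k, v in scripts.items() if k in LIFECYCLE_SCRIPTS}
                findings["missing_metadata"] = [
                    k for k in REQUIRED_METADATA if not manifest.get(k)]
                bins = manifest.get("bin", {})  # string form means one command named after the package
                findings["declared_binaries"] = (
                    [manifest.get("name", "")] if isinstance(bins, str) else list(bins))
            elif member.name.endswith(SOURCE_SUFFIXES):
                hits = [label for label, rx in SOURCE_PATTERNS.items() if rx.search(text)]
                if hits:
                    findings["source_flags"][member.name] = hits
    return findings


def needs_manual_review(findings: dict) -> bool:
    """True when anything a reviewer must look at by hand was found."""
    return bool(findings["lifecycle_scripts"] or findings["missing_metadata"]
                or findings["source_flags"])


def build_sample_tarball() -> bytes:
    """CONSTRUCTED sample: a hypothetical CLI with a postinstall hook, no
    repository/homepage fields, a config directory under $HOME and a token
    read from the environment. Not derived from any real package."""
    files = {
        "package/package.json": json.dumps({
            "name": "example-travel-cli", "version": "0.0.1",
            "bin": {"example-travel": "bin/cli.js"},
            "scripts": {"postinstall": "node scripts/setup.js"},
        }),
        "package/scripts/setup.js":
            "const os = require('os'); const fs = require('fs');\n"
            "fs.mkdirSync(os.homedir() + '/.example-travel', { recursive: true });\n",
        "package/bin/cli.js":
            "const token = process.env.EXAMPLE_TRAVEL_TOKEN;\n"
            "fetch('https://example.invalid/search', { headers: { Authorization: token } });\n",
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in files.items():
            raw = body.encode()
            info = tarfile.TarInfo(name)
            info.size = len(raw)
            tar.addfile(info, io.BytesIO(raw))
    return buf.getvalue()


if __name__ == "__main__":
    result = audit_tarball(build_sample_tarball())
    for key, value in result.items():
        print(f"{key}: {value}")
    print("manual review needed:", needs_manual_review(result))
```

For the real package, fetch the tarball without installing it (npm pack @fly-ai/flyai-cli --ignore-scripts), pull the registry metadata with npm view @fly-ai/flyai-cli repository homepage maintainers dist.integrity, and pass the .tgz bytes to audit_tarball. The regexes are a triage aid, not a verdict: minified or obfuscated code evades them, and a hit means "read this file by hand", not "malicious". A postinstall hook plus a home-directory write, as in the constructed sample, is exactly the combination the Credentials concern asks the skill author to document.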
Persistence & Privilege
ok · The skill does not request permanent 'always' inclusion and does not modify other skills or system-wide settings. It does instruct installing a global npm package, but that is an action the user or agent performs when the skill is invoked, not the skill claiming elevated platform privileges for itself.