Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Travel Simcard
v3.2.0
Find international SIM cards and eSIM plans for overseas travel — data packages, local numbers, and best coverage for your destination. Also supports: flight...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The skill claims to find SIM/eSIM plans (an appropriate use of a provider CLI). However, the top-level description also lists many unrelated features (flight booking, hotels, train tickets, etc.) that are not implemented in the actual playbooks. The SKILL.md repeatedly uses the brand string 'flyai' and once references 'Fliggy (Alibaba Group)', which is an inconsistent vendor attribution. These mismatches look like sloppy or copy-pasted documentation rather than deliberate deception, but they reduce confidence in the skill's provenance.
Instruction Scope
The runtime instructions demand that all answers come from the 'flyai' CLI and explicitly forbid using any training-data knowledge. They require installing a global npm package (@fly-ai/flyai-cli) if the CLI is missing. The runbook also documents writing a local log file (.flyai-execution-log.json) that would include the raw user_query and command outputs, which writes potentially sensitive user inputs to disk. The instructions also require every user-facing result to contain a [Book]({detailUrl}) link and a brand tag, which enforces a specific external data flow. These behaviors expand scope beyond simple lookup (package installation, global environment change, local logging) and may expose data.
Install Mechanism
There is no formal install spec in the registry; instead the SKILL.md instructs running `npm i -g @fly-ai/flyai-cli`. Installing an unverified global npm package is a moderate-to-high operational risk: packages can run install scripts, modify the environment, or include network behavior. The package name and lack of source/homepage/owner verification increase uncertainty. Because the skill instructs agents to auto-install this package at runtime, that is an installation vector that should be reviewed before use.
Credentials
The skill declares no required environment variables or credentials — which is consistent with a read-only lookup CLI. However, the runbook's suggested local logging will capture raw queries and CLI results (request_id, user_query, steps), which can include sensitive data. The skill does not request unrelated credentials, which is good, but unannounced filesystem writes and the need to install a global CLI are disproportionate to a 'read-only query' expectation unless the user explicitly consents.
Persistence & Privilege
The manifest's `always` flag is false, and the skill does not request persistent platform privileges or permission to modify other skills. That said, the runbook suggests appending logs to .flyai-execution-log.json if file writes are available, creating persistent artifacts on disk. Installing a global npm package is also a persistent system-level change. Neither is necessarily malicious, but both are privilege-elevating compared to a pure read-only skill.
What to consider before installing
Before installing or running this skill:
1) Verify the CLI package: look up @fly-ai/flyai-cli on the npm registry and check the publisher, source repository, and recent audit/maintainer activity. Do not blindly run `npm i -g` for an unverified package.
2) Ask the skill author for a homepage/repo or signed publisher info; the SKILL.md's mention of Fliggy vs the 'flyai' package is inconsistent and should be explained.
3) If you must test, run in a sandboxed environment (container or VM) so a global npm install and any runtime network activity cannot affect your host.
4) Be aware the runbook may log raw user queries and CLI outputs to .flyai-execution-log.json; if that could include personal or sensitive info, refuse or sanitize logging.
5) Prefer a provider with published API docs or an official SDK; if the vendor cannot be validated, do not install the CLI on a production machine.
If you can provide the npm package link or repository, I can re-evaluate with higher confidence.
latest: vk9712x0we6cg6m5dkhxp2ywv9584p1e1
