Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Urgent Flights
v3.2.0
Find flights departing within 48 hours. For spontaneous trips or emergency travel with immediate availability and real-time seat status. Also supports: fligh...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
Name/description: urgent last‑minute flights. Instructions and playbooks consistently focus on flight search and last‑minute scenarios. However the description claims “Powered by Fliggy (Alibaba Group)” while the runtime CLI is @fly-ai/flyai-cli — an unexplained branding mismatch. The description also lists many extra services (hotel, visa, insurance) but the SKILL.md only documents flight CLI commands. These are not definitive red flags but are inconsistent and worth checking with the publisher.
Instruction Scope
SKILL.md mandates always sourcing every answer from the flyai CLI and explicitly forbids using any training data. It requires installing the flyai CLI at runtime if absent and requires producing outputs with booking links from CLI JSON only. The runbook instructs persisting an execution log that includes the raw user query. Writing user queries to a local .flyai-execution-log.json file is not declared in the skill metadata and may persist potentially sensitive input. The skill also suggests escalating install attempts (commented fallback shows `sudo npm i -g ...`), which could require elevated privileges.
Install Mechanism
There is no declared install spec in the registry metadata, yet the runtime instructions require running `npm i -g @fly-ai/flyai-cli` if the CLI is missing. That means the agent will download and install a third‑party npm package at runtime. Installing a global npm package is a non‑trivial operation (network download, arbitrary code execution). The package is from the public npm ecosystem (traceable) but this runtime installation is not declared in the registry metadata and increases risk.
Credentials
The skill requests no environment variables or credentials, which is proportionate for a read-only flight search. However the runbook log includes the full user_query and CLI command history; those may capture PII (names, emails, passport fragments) if users include them. The skill does not declare any config paths but instructs writing to a local log file, so data persistence is not explicit in the metadata.
Persistence & Privilege
The skill will persist an execution log to .flyai-execution-log.json 'if file system writes are available' and logs raw user queries and CLI calls. This creates local persistence of user inputs and CLI results without that persistence being declared in the manifest. The skill does not request always:true, so it won't be force-enabled, but the logging behavior and the potential need to run global npm installs (with possible sudo) raise privilege/persistence concerns.
What to consider before installing
(1) The skill will try to install a global npm package (@fly-ai/flyai-cli) at runtime if the CLI is missing — review that package on npm/GitHub first or run in an isolated environment.
(2) The SKILL.md says it will write an execution log (including the raw user query) to .flyai-execution-log.json — expect local persistence of whatever users input and verify you are comfortable with that.
(3) The description mentions Fliggy but the CLI is flyai — ask the publisher to clarify the data/source and who operates the CLI/back-end.
(4) If you do not want agents to install global packages or write files, do not grant those capabilities or run the skill in a sandbox.
(5) If you need higher assurance, request the skill author to supply a declared install spec, the upstream package repository (source), and an explicit privacy statement describing what is logged and retained.
