Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Water Park Guide
v3.2.0
Find water parks — epic water slides, wave pools, lazy rivers, and splash zones. Perfect for summer family fun. Also supports: flight booking, hotel reservat...
⭐ 0 · 39 · 0 current · 0 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The SKILL.md focuses on finding and booking water-park POIs via a 'flyai' CLI which is coherent with a travel/search helper. However the description advertises much broader travel functionality (flights, hotels, visas, insurance) that is not implemented or documented in the provided runtime instructions, creating a mismatch between advertised capabilities and the actual, narrow CLI commands.
Instruction Scope
Runtime instructions are prescriptive and constrained to using the flyai CLI for all answers (no training-data responses allowed). They do not ask the agent to read system files or environment variables, which is good, but they reference supporting files (references/*.md) that are not present in the skill bundle — the agent might try to locate them. The rule that every result must include a [Book]({detailUrl}) link is strict but consistent with the stated booking purpose.
Install Mechanism
There is no declared install spec in the registry metadata, but SKILL.md mandates running `npm i -g @fly-ai/flyai-cli` if the CLI is missing. Instructing a global npm install is a high-impact action (network download, package scripts, system-wide write) and should have been declared. The package’s provenance (npm name only) is not audited here — installing unvetted global packages is a real risk.
Credentials
The skill declares no required env vars or credentials, yet it performs booking-related operations via a third-party CLI (likely needing authentication to book/pricing endpoints). The absence of declared credentials or hints about how authentication is handled is a proportionality gap: the CLI may prompt for or rely on secrets not declared in the skill metadata.
Persistence & Privilege
always:false (normal) and the skill is user-invocable. However the instructions explicitly require a global npm install, which modifies the host environment and grants persistence to the flyai CLI; that side-effect is not captured in the registry install metadata and increases the blast radius if the package is malicious or buggy.
What to consider before installing
This skill is not obviously malicious but has several red flags. Before installing or using it:
(1) Do not let the agent perform the global npm install automatically — run `npm i -g @fly-ai/flyai-cli` yourself in a controlled environment (container or VM) and inspect the package (package.json, repository, maintainers) on npm/GitHub.
(2) Verify how flyai-cli authenticates and whether it will request API keys or save credentials; the skill does not declare any required secrets.
(3) Be cautious because the SKILL.md references local reference files that are missing — the agent might attempt to search the filesystem or external URLs.
(4) If you cannot vet the flyai package, prefer running queries manually against a vetted service or decline installation. If you want a safer test, run the CLI in an isolated sandbox and monitor network and filesystem activity.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97adps4kbmqanrrar4m17ykmn84mh71
