Duffel Flights

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

The skill appears to be a real Duffel flight-booking wrapper, but it can create paid live airline bookings using an undeclared API token and lacks a documented final confirmation step before booking.

Install only if you intend to let the agent use a Duffel API token for flight operations. Prefer a test token first, keep live tokens tightly controlled, and require the agent to ask for explicit approval before any live booking or cancellation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent invokes the booking command with the wrong offer or passenger details, it could spend a funded Duffel balance and create a real airline ticket.

Why it was flagged

The documented command can create a live paid booking. The artifacts show a confirmation flag for cancellation, but do not document an equivalent confirmation or final-review gate for booking.

Skill content

`python scripts/duffel.py book 3 --pax ...`; `Payment uses Duffel account balance.`; `Production: real airlines, real tickets.`

Recommendation

Require explicit user confirmation immediately before any live booking, show itinerary/passengers/fare/refundability/total cost, and consider a separate `--confirm` or live-token guard.

What this means

A user may not realize before installation that the skill needs an API token with authority over a Duffel account capable of creating or cancelling orders.

Why it was flagged

The registry metadata under-declares the credential the skill needs: a Duffel API token that can reach the booking and cancellation APIs and spend the account balance.

Skill content

metadata: `Required env vars: none`, `Primary credential: none`; SKILL.md: `Set DUFFEL_TOKEN env var with your Duffel API access token.`

Recommendation

Declare `DUFFEL_TOKEN` as a credential/environment requirement, document the required token scope, and recommend test tokens or least-privilege live tokens where possible.

What this means

Stale or locally modified search state could make numbered offer references point somewhere unexpected, and recent search details may remain on disk.

Why it was flagged

The script persists search offers in a predictable temporary file and later trusts that file for number-based offer references.

Skill content

`LAST_SEARCH_FILE = "/tmp/duffel-last-search.json"` ... `with open(LAST_SEARCH_FILE) as f: data = json.load(f)`

Recommendation

Store search state in a per-user private location with restrictive permissions, clear it when no longer needed, and show the final offer ID and price before booking.