Travel Personality Test

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Using the quiz could cause the agent to add another external skill and then rely on it for recommendations, which may introduce behavior the user did not separately review.

Why it was flagged

This tells the agent to install another skill at runtime if FlyAI is missing. The dependency is not included in the reviewed files and no exact version/source pin is shown, so it can expand the agent environment without clear user confirmation.

Skill content

which flyai || clawhub skill install flyai ... When not installed: automatically run `clawhub skill install flyai`

Recommendation

Require explicit user approval before installing FlyAI, pin the dependency source/version, declare it consistently in registry metadata, and offer the local cities.md fallback if the user declines.

What this means

Your quiz result and travel interests may be used in an external search request for recommendations.

Why it was flagged

The skill sends quiz-derived personality and travel-preference context to the FlyAI dependency to get live recommendations. This is purpose-aligned, but users should know when an external/dependent service is being queried.

Skill content

flyai keyword-search --query "{{人格类型}}({{关键词}}:{{核心特征}})适合去的旅行目的地 {{月份}}"

Recommendation

Disclose the FlyAI call before sending the query and let users choose the local fallback recommendations instead.

What this means

If you configure a FlyAI API key, the dependent service may use your account quota or permissions.

Why it was flagged

The skill may use a FlyAI API key for the external integration. This is expected for the stated travel-data feature, and the artifacts do not show hardcoding, logging, or unrelated credential use.

Skill content

export FLYAI_API_KEY="your_api_key"

Recommendation

Use a scoped key if available, keep it out of shared chats or files, and rotate it if it is exposed.