平替旅行家 (Destination Substitute Traveler)

Advisory

Audited by VirusTotal on Apr 3, 2026.

Overview

Type: OpenClaw Skill
Name: flyai-destination-substitute
Version: 1.0.1

The skill bundle instructs the AI agent to perform a global system installation (`npm install -g @fly-ai/flyai-cli`) and explicitly directs it to bypass SSL certificate validation (`NODE_TLS_REJECT_UNAUTHORIZED=0`) when executing CLI commands, as seen in workflow.md. It also implements a persistent storage mechanism that reads and writes user data to the home directory (`~/.flyai/user-profile.md`). While these behaviors appear aligned with the travel-planning purpose, they introduce significant security risks, including potential man-in-the-middle (MITM) exposure and supply-chain risk through automated global package installation.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the skill could cause the agent to run package installation code and change your global Node.js environment before giving travel advice.

Why it was flagged

The skill tells the agent to perform a global npm install or upgrade before any search. npm installs can execute package scripts and mutate the local environment, and this setup is not reflected in the declared install spec.

Skill content

Before performing any search, **the installation command must be run first** ... `npm install -g @fly-ai/flyai-cli@latest --registry=https://registry.npmjs.org`

Recommendation

Require explicit user approval before installing anything, declare the CLI dependency in the install metadata, pin a reviewed version instead of '@latest', and avoid automatic global installs.

What this means

Using sudo could let the installed package make system-wide changes, increasing the impact of a compromised or unexpected npm package.

Why it was flagged

The fallback advice asks the user to run the package install with administrator privileges. That is high-impact authority for a travel-planning skill and is not clearly bounded.

Skill content

Insufficient permissions | Suggest using `sudo npm install -g @fly-ai/flyai-cli@latest --registry=https://registry.npmjs.org`

Recommendation

Do not recommend sudo as the normal path. Prefer user-local installation, a sandbox, or clear manual instructions that explain the risk.

What this means

The agent may install or run a different package than expected, making provenance and review harder.

Why it was flagged

The documentation names a different unpinned '@latest' npm package (`@anthropic-ai/flyai-cli`) from the workflow's `@fly-ai/flyai-cli@latest`, creating ambiguity about which external package the agent should run.

Skill content

Use `npx @anthropic-ai/flyai-cli@latest` to query Fliggy (飞猪) data.

Recommendation

Use one clearly named package, pin its version, document its source, and ensure the registry metadata matches the runtime instructions.

What this means

Your travel queries and returned results could be exposed to or modified by a network attacker or misconfigured proxy.

Why it was flagged

The workflow prefixes FlyAI commands with NODE_TLS_REJECT_UNAUTHORIZED=0, which disables TLS certificate verification for Node-based HTTPS requests.

Skill content

`NODE_TLS_REJECT_UNAUTHORIZED=0 flyai keyword-search --query "国内 [体验元素关键词] [可用天数]天"`

Recommendation

Remove NODE_TLS_REJECT_UNAUTHORIZED=0 from normal commands. If certificate errors occur, fix the certificate or proxy configuration instead of disabling verification.

What this means

Saved preferences may reveal personal travel habits and may affect future recommendations even when stale or incorrect.

Why it was flagged

The skill persists travel preferences such as city, budget, companions, and hotel preferences in memory or a local profile file. This is aligned with personalization, but it is persistent state that can influence future answers.

Skill content

Try Qoder Memory first (search_memory / update_memory)... fall back to a local file ... `~/.flyai/user-profile.md`

Recommendation

Only save preferences after clear consent, let users inspect or delete the profile, and avoid storing sensitive details beyond what is needed for travel planning.
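The artifact-based review described at the top of this advisory can be approximated with a small static check over the skill's instruction text, reporting the same risk classes the findings above name (global npm install, sudo, unpinned '@latest' and conflicting package names, TLS verification disabled, home-directory persistence). The following JavaScript is an added example, not ClawScan's or the skill's code; the rule set, the function names and the sample text (assembled from the skill lines quoted in this advisory) are constructed for illustration.

```javascript
// Added example (not ClawScan's or the skill's code): a minimal static review
// of skill instruction text that reports the risk classes this advisory names.
'use strict';

// Each rule: an id, a global regex, and the concern it maps to in the advisory.
const RULES = [
  { id: 'global-npm-install', re: /\bnpm\s+(?:install|i)\s+(?:-g|--global)\b/g,
    why: 'runs package scripts and mutates the global Node.js environment' },
  { id: 'sudo-install', re: /\bsudo\s+npm\b/g,
    why: 'package install with administrator privileges' },
  { id: 'unpinned-latest',
    re: /(?:npx|npm\s+(?:install|i)(?:\s+(?:-g|--global))?)\s+(@?[\w.\/-]+)@latest\b/g,
    why: 'unpinned dependency; a reviewed version cannot be guaranteed' },
  { id: 'tls-verification-disabled', re: /NODE_TLS_REJECT_UNAUTHORIZED=0/g,
    why: 'disables certificate verification for Node HTTPS requests' },
  { id: 'home-dir-persistence', re: /~\/\.[\w-]+\/[\w.\/-]+/g,
    why: 'persistent state written outside the skill directory' },
];

// Scan one file's text; returns one finding per rule match with its line number.
// The capture group of 'unpinned-latest' (if any) is kept as the package name.
function scanSkillText(file, text) {
  const findings = [];
  text.split('\n').forEach((line, idx) => {
    for (const rule of RULES) {
      for (const m of line.matchAll(rule.re)) {
        findings.push({ file, line: idx + 1, rule: rule.id, why: rule.why,
                        match: m[0], pkg: m[1] });
      }
    }
  });
  return findings;
}

// Scan a map of {filename: text} and add the cross-file check the advisory
// makes: more than one distinct package name means ambiguous provenance.
function reviewSkill(files) {
  const findings = Object.entries(files).flatMap(([f, t]) => scanSkillText(f, t));
  const packages = [...new Set(findings.filter((x) => x.pkg).map((x) => x.pkg))].sort();
  const byRule = {};
  for (const f of findings) byRule[f.rule] = (byRule[f.rule] || 0) + 1;
  return { findings, byRule, packages, ambiguousPackage: packages.length > 1 };
}

// Constructed sample assembled from the skill lines quoted in this advisory.
const SAMPLE_FILES = {
  'SKILL.md': [
    '在执行任何搜索之前,**必须先执行安装命令**',
    '`npm install -g @fly-ai/flyai-cli@latest --registry=https://registry.npmjs.org`',
    '权限不足 | 建议使用 `sudo npm install -g @fly-ai/flyai-cli@latest --registry=https://registry.npmjs.org`',
    '使用 `npx @anthropic-ai/flyai-cli@latest` 调用飞猪数据。',
    '降级使用本地文件 `~/.flyai/user-profile.md`',
  ].join('\n'),
  'workflow.md':
    '`NODE_TLS_REJECT_UNAUTHORIZED=0 flyai keyword-search --query "国内 [体验元素关键词] [可用天数]天"`',
};

// Demo run over the constructed sample.
const report = reviewSkill(SAMPLE_FILES);
for (const f of report.findings) {
  console.log(`${f.file}:${f.line} [${f.rule}] ${f.match} - ${f.why}`);
}
console.log('packages referenced:', report.packages, 'ambiguous:', report.ambiguousPackage);
```

The rules are deliberately narrow string patterns, which is all a non-executing review can use; they catch the documented instructions in this bundle but not obfuscated or runtime-generated commands, which is why the advisory's recommendation of explicit user approval before any install still applies.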