Same-spot check-in (同款打卡)
Advisory. Audited by VirusTotal on Apr 3, 2026.
Overview
Type: OpenClaw Skill
Name: flyai-pilgrimage-tour
Version: 1.0.1

The skill bundle contains high-risk instructions that weaken the security of the host it runs on. SKILL.md tells the agent to disable TLS certificate validation with NODE_TLS_REJECT_UNAUTHORIZED=0 whenever a certificate error occurs, mandates a global install of an external npm package (@fly-ai/flyai-cli) before every search, and reads and writes a file in the user's home directory (~/.flyai/user-profile.md). These behaviours are presented as necessary for the travel-planning functionality, but they expose the user to man-in-the-middle (MitM) tampering of search results and booking links, to unreviewed code executed during the package install, and to personal travel details being persisted on disk outside the skill.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or upgrading this CLI could run new, unreviewed code on the user’s machine, especially if run with administrator privileges.
The skill requires a global install of the npm package at the unpinned `latest` tag before every search and even suggests sudo when permissions fail, while the registry metadata declares no install spec or required binary. A global npm install runs the package's own install scripts and code, which lie outside the artifacts ClawScan reviewed, so whatever is published under that tag tomorrow runs on the user's machine.
Before executing any search, the installation command must be run first (regardless of whether it is already installed, to ensure the latest version): npm install -g @fly-ai/flyai-cli@latest --registry=https://registry.npmjs.org ... Insufficient permissions | Recommended: use `sudo npm install -g @fly-ai/flyai-cli@latest ...`
Do not let the agent auto-install it with sudo. Install a pinned, trusted version yourself, verify the package publisher, and prefer a least-privilege environment (for example a per-user npm prefix rather than a root-owned global prefix).
A network attacker or misconfigured proxy could alter hotel, flight, attraction, or booking-link results without the agent detecting it.
The instructions disable TLS certificate verification and then carry that setting into the core search examples. With verification off, Node accepts any certificate, so a proxy or on-path attacker can impersonate the FlyAI endpoint and rewrite results and booking links without the agent noticing.
If you encounter an "SSL certificate verification failed" error, prefix the command with the environment variable: NODE_TLS_REJECT_UNAUTHORIZED=0 flyai <command> ... NODE_TLS_REJECT_UNAUTHORIZED=0 flyai keyword-search --query "[work title] filming location [main filming city]"
Do not run FlyAI commands with NODE_TLS_REJECT_UNAUTHORIZED=0 except as a temporary, user-approved diagnostic step. Fix certificate trust instead (for example, point NODE_EXTRA_CA_CERTS at the CA of an inspecting proxy) and manually verify booking links before clicking.
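The two install and TLS findings above are the kind of signal a static scan of SKILL.md can raise without executing anything. The following scanner is an added example written for this advisory, not ClawScan's code or the skill's; the SKILL.md excerpt it scans is constructed to mirror the quoted instructions and is not the real file. It flags global npm installs whose spec is not an exact version, installs run under sudo, and any line that sets NODE_TLS_REJECT_UNAUTHORIZED=0.

```python
import re

# Constructed excerpt in the style of the SKILL.md instructions ClawScan quoted.
# The wording is illustrative and is not the skill's actual file.
SKILL_MD = """
## Setup
Before any search, always run this (even if installed, to get the newest version):
npm install -g @fly-ai/flyai-cli@latest --registry=https://registry.npmjs.org
If you see "permission denied", use `sudo npm install -g @fly-ai/flyai-cli@latest`.
If you hit "SSL certificate verification failed", prefix the command:
NODE_TLS_REJECT_UNAUTHORIZED=0 flyai keyword-search --query "[title] filming location"
"""

# An exact semver version, optionally with a pre-release or build suffix.
EXACT_VERSION = re.compile(r"^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$")

# `npm install -g <spec>` (also `i` / `add`, `--global`), optionally under sudo.
# The spec stops at whitespace or a backtick so inline-code quoting is not swallowed.
GLOBAL_INSTALL = re.compile(
    r"(sudo\s+)?npm\s+(?:install|i|add)\s+(?:-g|--global)\s+([^\s`]+)"
)
TLS_OFF = re.compile(r"NODE_TLS_REJECT_UNAUTHORIZED\s*=\s*['\"]?0\b")


def is_pinned(spec):
    """True only when the package spec names an exact version.

    Bare names, dist-tags such as @latest and ranges such as @^1.0.0 all
    count as unpinned. Scoped packages start with '@', so the version
    separator is the last '@' after position 0.
    """
    at = spec.rfind("@")
    if at <= 0:
        return False
    return bool(EXACT_VERSION.match(spec[at + 1:]))


def scan_skill(text):
    """Return (line_no, signal, evidence) tuples for risky install/TLS instructions."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        for m in GLOBAL_INSTALL.finditer(line):
            sudo, spec = m.group(1), m.group(2)
            if not is_pinned(spec):
                findings.append((n, "unpinned-global-install", spec))
            if sudo:
                findings.append((n, "sudo-install", spec))
        if TLS_OFF.search(line):
            findings.append((n, "tls-verification-disabled", line.strip()))
    return findings


if __name__ == "__main__":
    for n, signal, evidence in scan_skill(SKILL_MD):
        print(f"line {n}: {signal}: {evidence}")
```

Run against the constructed excerpt it reports the unpinned install twice (once with sudo) and the TLS override once. Treating `@latest` as unpinned is deliberate: a dist-tag is a mutable pointer, so only an exact version (ideally paired with a lockfile or registry integrity check done by the user) names a reviewable artifact.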
Personal travel preferences may be reused in later sessions or stored locally, which is useful but may reveal private habits or family details.
The skill uses persistent memory or a local file for travel preferences, including budget, departure airport, family members, destinations visited, and special needs. The write path asks for user confirmation, making it mostly purpose-aligned.
Prefer Qoder Memory (search_memory / update_memory)... fall back to a local file ... ~/.flyai/user-profile.md ... after user confirmation: - Qoder environment: call update_memory to update - non-Qoder: update the ~/.flyai/user-profile.md file
Only save preferences you are comfortable persisting, review ~/.flyai/user-profile.md if file mode is used, and choose "use for this session only" (仅本次使用) for sensitive details.
Your trip details are likely sent to an external travel provider and used to generate third-party booking links.
The skill sends user travel details such as cities, dates, budgets, and lodging needs to the FlyAI CLI/provider and displays returned booking links. This is expected for the travel-planning purpose, but users should understand the data flow.
flyai search-flight --origin "[departure city]" --destination "[destination]" ... flyai search-hotel --dest-name "[destination]" ... the data returned by flyai contains booking-link fields, which must be extracted and displayed
Avoid sharing highly sensitive information, and verify returned booking links and prices directly on the provider site before purchasing.
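Because the skill extracts and displays whatever booking-link fields the CLI returns, and because the TLS finding above makes those fields tamperable in transit, a practitioner may want to screen links before anyone clicks them. The following link review is an added example for this advisory, not the skill's or FlyAI's code. The page does not document the CLI's JSON schema or the provider domains it links to, so the field names, the sample result and the allowlisted hosts below are all constructed assumptions; the checks themselves (https only, exact host allowlisting, no embedded credentials, lookalike and punycode hosts rejected) are the general technique.

```python
import json
from urllib.parse import urlsplit

# Hypothetical allowlist of booking hosts the user has decided to trust.
# The page names no provider domains, so these are assumptions for the example.
TRUSTED_HOSTS = {"www.example-hotels.com", "book.example-air.com"}

# Constructed sample shaped like a CLI JSON result carrying booking-link fields.
# The field names are assumptions; the page does not document flyai's schema.
SAMPLE_RESULT = json.dumps({
    "hotels": [
        {"name": "Lakeside Inn", "price": 120,
         "booking_url": "https://www.example-hotels.com/h/123"},
        {"name": "Cheap Stay", "price": 45,
         "booking_url": "http://www.example-hotels.com/h/456"},
        {"name": "Lookalike", "price": 80,
         "booking_url": "https://www.example-hotels.com.evil.test/h/789"},
        {"name": "IDN", "price": 90,
         "booking_url": "https://xn--exampl-hotels-xyz.com/h/1"},
    ],
    "flights": [
        {"carrier": "EX", "price": 310,
         "booking_url": "https://user:pw@book.example-air.com/f/42"},
    ],
})


def find_links(obj, path=""):
    """Walk nested JSON and return (json_path, url) for every http(s) string."""
    found = []
    if isinstance(obj, dict):
        for key, value in obj.items():
            found.extend(find_links(value, f"{path}.{key}" if path else key))
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            found.extend(find_links(value, f"{path}[{i}]"))
    elif isinstance(obj, str) and obj.startswith(("http://", "https://")):
        found.append((path, obj))
    return found


def check_link(url):
    """Classify one booking URL as ('accept', reason) or ('reject', reason)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        return "reject", "not https"
    if parts.username is not None or parts.password is not None:
        return "reject", "credentials embedded in URL"
    if host in TRUSTED_HOSTS:
        return "accept", "https to allowlisted host"
    # Exact-host matching is deliberate: a trusted name used as a sub-label
    # or prefix of some other domain is a classic lookalike.
    if any(trusted in host for trusted in TRUSTED_HOSTS):
        return "reject", "host not allowlisted (trusted name embedded in another domain)"
    if any(label.startswith("xn--") for label in host.split(".")):
        return "reject", "host not allowlisted (internationalised/punycode label)"
    return "reject", "host not allowlisted"


def review(result_json):
    """Return (json_path, url, verdict, reason) for every link in a CLI result."""
    data = json.loads(result_json)
    return [(path, url, *check_link(url)) for path, url in find_links(data)]


if __name__ == "__main__":
    for path, url, verdict, reason in review(SAMPLE_RESULT):
        print(f"{verdict:6} {path}: {url} ({reason})")
```

On the constructed sample only the first hotel link is accepted; the plain-http link, the `.evil.test` lookalike, the punycode host and the URL carrying `user:pw@` are all rejected. The screen is a filter, not a substitute for the advice above: an accepted link still has to be opened and its price confirmed on the provider's own site.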
