proposal-trip
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This travel skill is mostly coherent, but it asks the agent to install and run an unpinned global npm CLI outside the declared install metadata.
Before installing, verify that you trust the @fly-ai/flyai-cli package and do not allow automatic global installation unless you are comfortable modifying your local environment. Prefer running it in a sandbox and share only travel details you are willing to send to the provider.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent may modify the user's machine and run code from npm before providing travel results.
The skill requires fetching and installing an unpinned external npm package globally at runtime, while the provided install metadata does not declare a reviewed install mechanism.
Step 0: Environment Check (mandatory, never skip) ... `npm i -g @fly-ai/flyai-cli`
Require explicit user approval before installation, pin the CLI version, document package provenance, and prefer a sandboxed or declared install spec.
Malformed or adversarial input could cause unintended command behavior if the agent executes the template literally.
User-derived origin, destination, and date values are inserted into a shell-style command template, but the artifact does not require validation, escaping, or structured argv execution.
flyai search-flight --origin "{{o}}" --destination "{{d}}" --dep-date {{date}} --sort-type 2Validate dates and city fields, pass arguments through a structured command API instead of shell string interpolation, and ask before running local commands.
The user's trip intent and timing may be shared with the external travel provider.
The workflow sends route and travel-date information through the flyai/Fliggy CLI to obtain real-time booking results.
powered by Fliggy (Alibaba Group) ... `flyai search-flight --origin "{{o}}" --destination "{{d}}" --dep-date {{date}}`Use the skill only for travel details the user is comfortable sharing, and provide clear provider/privacy disclosure.