Skillv3.2.0

ClawScan security

remote-work-travel · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 27, 2026, 2:43 AM

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary: The skill's instructions require installing and invoking an external CLI package at runtime (npm i -g @fly-ai/flyai-cli) despite the registry metadata claiming no requirements, and the provenance of that package is unspecified — this mismatch and on-the-fly global install present a security risk.
Guidance: This skill is instruction-only but tells the agent to globally install and run an external npm package (@fly-ai/flyai-cli) at runtime — the package's source and trustworthiness are not provided. Before installing: (1) verify the package on the npm registry and its linked source repository (GitHub/etc.), review maintainer and recent publish history; (2) confirm the relationship between 'flyai' and the claimed 'Fliggy (Alibaba Group)' branding; (3) prefer running such installs in a sandbox or container rather than on your primary machine because global npm installs run arbitrary code; (4) ask the skill author to supply a concrete install spec (trusted release URL, checksum, or repository) or to declare required binaries in the registry metadata; (5) if you cannot verify the package provenance, do not install — consider using an alternative travel integration with known, auditable tooling. Additional information that would change this assessment: a homepage/repository URL for the skill and for the @fly-ai/flyai-cli package, a vetted install spec (signed release or GitHub release), or registry metadata updated to declare the CLI requirement and its trusted source.

Review Dimensions

Purpose & Capability: concernThe skill claims to book travel (mentions being 'powered by Fliggy') but the SKILL.md mandates using a 'flyai' CLI and, if missing, installing @fly-ai/flyai-cli via npm. The registry metadata listed no required binaries or env vars, which contradicts the runtime instructions. The relationship between 'flyai' and the claimed Fliggy/Alibaba brand is unclear.
Instruction Scope: concernThe runtime instructions force the agent to run the flyai CLI for every answer and to install a global npm package if the CLI is absent. This gives the skill the ability to pull and execute external code at runtime. The instructions do not ask for unrelated files or secrets, but they explicitly require network-based package installation and repeated CLI execution until a booking link appears.
Install Mechanism: concernThere is no install spec in the registry, yet SKILL.md tells the agent to run `npm i -g @fly-ai/flyai-cli` when the CLI is missing. On-the-fly global npm installs are high-risk because they fetch and run code from a package registry with no provided repository/homepage or integrity checks. No vetted release URL or signature is provided.
Credentials: okThe skill does not request environment variables, config paths, or credentials in the registry metadata, and the SKILL.md does not reference secrets or unrelated env vars. The lack of declared credentials is coherent with the travel-booking purpose — however, the runtime npm install still alters the environment.
Persistence & Privilege: okThe skill does not request 'always: true', does not declare modifications to other skills or system-wide configs, and is user-invocable only. The primary concern is the transient privilege of installing/running a global CLI, not persistent platform-level privileges.