Flight
WarnAudited by ClawScan on May 10, 2026.
Overview
This flight helper is mostly purpose-aligned, but it includes an unsafe instruction to book some fares before asking the user and it stores sensitive travel details locally.
Review this skill before installing. If you use it, require the agent to ask before any booking, rebooking, cancellation, payment, or credential use, and periodically review or delete the local files it creates under `~/flight/` and `~/flights/`.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent following this instruction could make a flight purchase before the user has approved the fare, payment method, refund rules, or itinerary.
This explicitly encourages booking before user review. Flight purchases can charge money, create contractual commitments, and may not be safely reversible.
Error fares: book immediately, ask questions later (refundable if mistake)
Require explicit user confirmation before any booking, rebooking, cancellation, payment, or fare-rule commitment, including error fares.
Local files may retain travel plans, loyalty details, and booking references beyond the current session.
The skill stores persistent travel preferences and booking reference data locally. PNRs and travel history can be sensitive and may enable access to reservations.
Preferences persist in `~/flight/memory.md`. Create on first use. ... Store flight data in ~/flights/: ... bookings — active reservations with PNRs
Tell users exactly what will be saved, ask before storing PNRs or loyalty details, and provide clear cleanup or retention instructions.
Using some loyalty-tracking features could require account access that should be handled carefully.
The skill references an optional loyalty integration that may require user credentials, even though no primary credential is declared in the registry metadata.
AwardWallet — Track 700+ programs. Requires user credentials.
Only provide credentials through trusted, scoped authentication flows, and avoid sharing raw airline or loyalty passwords with the agent.