flight-monitor

Pass. Audited by ClawScan on May 1, 2026.

Overview

This appears to be a coherent flight price monitoring skill, but it can create recurring local automation tasks, store optional push-notification keys, and send flight alert details to external services.

Before installing, be comfortable with the skill running local Python scripts, saving flight history and monitor definitions under ~/.workbuddy, and creating scheduled checks when you request monitoring. If you configure Bark, Server酱, or PushDeer, treat the saved key like a credential and remember that alert contents are sent to that provider.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Users have less external provenance information to validate where the bundled scripts came from.

Why it was flagged

The registry metadata does not provide an upstream source or homepage for provenance, even though the skill includes executable Python scripts.

Skill content

Source: unknown; Homepage: none

Recommendation

Install only if you trust the registry/package source, and review bundled scripts before providing notification keys or enabling monitors.

What this means

Using the skill will run bundled local code that can make network requests and write local flight-monitoring data.

Why it was flagged

The skill’s normal workflow depends on running local Python helper scripts. This is disclosed and central to the flight-monitoring purpose.

Skill content

python scripts/search_flights.py --from <dep> --to <arr> --date <YYYY-MM-DD>

Recommendation

Use the skill only in an environment where running these bundled scripts is acceptable.

What this means

A monitor can continue checking prices and sending alerts on the configured schedule until paused or removed.

Why it was flagged

The monitor manager writes scheduled automation tasks with an ACTIVE status so flight checks can recur without another manual prompt.

Skill content

rrule = "{rrule}"
status = "ACTIVE"

Recommendation

Only add recurring monitors you actually want, and use the provided list, pause, and remove commands to manage them.

What this means

Anyone or any process with access to that local config file may be able to use the configured push-notification key.

Why it was flagged

The notification setup stores the configured Bark, Server酱, or PushDeer key in a local JSON config file.

Skill content

CONFIG_FILE = CONFIG_DIR / "notify_config.json" ... cfg["key"] = key

Recommendation

Use a dedicated notification key where possible, protect the ~/.workbuddy/flight-monitor directory, and revoke/delete the key if you stop using the skill.

What this means

Your flight route, travel date, price threshold, and alert details may be shared with the push service you configure.

Why it was flagged

Push alerts are sent to third-party notification providers and include the configured title/body/url, which may contain route, date, fare, and booking-link details.

Skill content

api_url = f"https://api.day.app/{key}/{t}/{b}" ... api_url = f"https://sctapi.ftqq.com/{key}.send" ... api_url = "https://api2.pushdeer.com/message/push"

Recommendation

Configure only a push provider you trust, and avoid including unusually sensitive trip details in alert text.