Flight Pricer

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a coherent Duffel flight-price CLI. The main things to notice are local storage of a Duffel API key and a standard Python install with unpinned dependencies.

Before installing, be comfortable giving this tool a Duffel API key and having it store that key under `~/.config/flight-pricer/`. Install it in a virtual environment, verify the config file permissions, and consider dependency pinning if you need reproducible or production use.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The tool will act under your Duffel account when searching, and any process that can read the config file may be able to use that API key.

Why it was flagged

The skill requires a third-party API credential and stores it locally for later authenticated searches.

Skill content

- A Duffel API key. ... Securely saves your API key to `~/.config/flight-pricer/config.yaml`.

Recommendation

Use a scoped or test Duffel key where possible, check permissions on `~/.config/flight-pricer/config.yaml`, and rotate or revoke the key if you stop using the skill.

What this means

A future install could pull different dependency versions than the ones implicitly reviewed here.

Why it was flagged

The package dependencies are not pinned to exact versions, so installation depends on package-index resolution outside the reviewed source.

Skill content

dependencies = [
    "click",
    "requests",
    "pyyaml",
    "tabulate",
]

Recommendation

Install in a virtual environment from a trusted package index, and consider pinning or locking dependency versions for repeatable use.