Aerobase Awards

Pass
Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: aerobase-awards
Version: 1.0.0

The skill bundle instructs the AI agent to handle sensitive airline Frequent Flyer Program (FFP) credentials to access booking pages behind login walls in SKILL.md. While the instructions explicitly state to 'NEVER store or log FFP credentials,' the design pattern of passing plaintext credentials through an LLM-driven agent to third-party sites is inherently high-risk. Additionally, the skill utilizes an external scraping service via a variable '{SCRAPLING_URL}' and requires browser automation with proxies, which significantly expands the attack surface for credential interception.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A user could be asked to provide airline loyalty credentials to an agent-controlled browser/proxy flow, potentially exposing valuable account access.

Why it was flagged

The skill instructs the agent to handle airline loyalty account credentials for protected account pages. Those credentials are not declared in the registry requirements, and loyalty accounts can contain valuable miles or allow account actions if mishandled.

Skill content
Airline Award Search (PROXY required)
- Navigate to airline's FFP booking page (behind login wall)
- User must provide credentials for their account
- NEVER store or log FFP credentials
Recommendation

Avoid providing airline passwords unless the runtime is trusted and the action is explicitly requested. The skill should declare this credential flow, require per-login approval, and clearly restrict activity to read-only searches.

What this means

The agent may use browser automation and a proxy against logged-in travel accounts, which can expose sessions or perform unintended actions if not tightly controlled.

Why it was flagged

The instructions allow browser/proxy use against protected sites. This is related to award searching, but the artifacts do not define the proxy provider, approval flow, session handling, or hard limits on actions during logged-in browsing.

Skill content
seats.aero (API preferred, browser fallback with PROXY)
Cloudflare protected. Use API cache first. Browser via proxy only for logged-in users.
Recommendation

Use the API cache by default. Only allow browser/proxy use after explicit user approval, with a trusted proxy, no credential storage, and clear limits against booking, modifying, or redeeming awards.

What this means

Route and date information may be shared with an external search/scraping service to calculate cents-per-point value.

Why it was flagged

The skill discloses sending itinerary details to an external Scrapling service for cash-price lookup. This is purpose-aligned, but the Scrapling endpoint is not declared in the requirements and privacy/data-boundary details are not specified.

Skill content
Use Scrapling `/search` to get cash prices from Google Flights for cents-per-point value:
POST {SCRAPLING_URL}/search
{"site":"google-flights","origin":"JFK","destination":"LHR","departure":"2026-04-01","return":"2026-04-08"}
Recommendation

Use a trusted Scrapling endpoint, avoid sending sensitive travel details unless needed, and disclose what data is sent and retained.

What this means

Created alerts may keep running and consuming service quota until the user disables them.

Why it was flagged

The skill can create ongoing award alerts monitored on a schedule. This persistence is disclosed and rate-limited, so it is a notice rather than a standalone concern.

Skill content
POST /api/awards/alerts — create alert
GET /api/awards/alerts — list user's alerts
Continuous alerts require Pro tier
Award monitoring cron: every 4 hours (do not increase).
Recommendation

Create alerts only on explicit request and give users an easy way to list, review, and delete active alerts.