Aerobase Travel Activities
PassAudited by ClawScan on May 1, 2026.
Overview
This instruction-only skill coherently uses a disclosed Aerobase API key to fetch travel activity recommendations and shows no evidence of hidden code, persistence, or unrelated access.
Before installing, understand that this skill sends travel search parameters to Aerobase and uses your Aerobase API key and quota. The artifacts do not show code execution, persistence, or requests for passwords, cookies, or third-party logins.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may use your Aerobase API quota or paid plan when making travel activity searches.
The skill requires a provider API key and uses it for authenticated Aerobase calls; this is disclosed and aligned with the travel API purpose.
Required env var: `AEROBASE_API_KEY`; Auth header (preferred): `Authorization: Bearer ${AEROBASE_API_KEY}`; Never print raw API keys in outputUse a dedicated Aerobase API key, monitor usage or billing limits, and do not provide unrelated credentials.
Destination, airport, and activity-search details may be sent to Aerobase to generate recommendations.
The skill directs the agent to call an external API, but the documented operations are read-only travel search endpoints and are purpose-aligned.
Base URL: `https://aerobase.app`; Endpoints: GET /api/attractions, GET /api/attractions/{slug}/tours, GET /api/toursUse the skill for intended travel-planning queries and avoid including unnecessary sensitive personal details in search requests.