Skill v3.3.1

ClawScan security

Aerobase Travel Flights · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 4, 2026, 3:46 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's API-focused behavior and single API key requirement are coherent with its travel-search purpose, but a notable contradiction about "browser-powered" Pro features and the presence of booking/payment data paths merit caution before installing.
Guidance
This skill mostly looks like what it says: an API-backed flight search/compare/booking helper that uses a single API key. Before installing, confirm two things: (1) clarify the apparent contradiction about "API-only" vs "browser-powered Pro superpowers" — ask the publisher whether Pro features perform browser automation/scraping and what (if anything) is installed or executed when upgrading; (2) understand booking flows: the API accepts personal and payment data, so make sure you (and the agent) only transmit PII/payment details with explicit user consent and that AEROBASE_API_KEY is stored securely (never paste it into chat). Also review Aerobase's privacy policy / terms and check where booking/payment data is processed or forwarded (third-party providers). If you need stronger assurance, request source code or implementation details for the Pro features before enabling booking/payment actions.

Review Dimensions

Purpose & Capability
note: Name, description, and declared primaryEnv (AEROBASE_API_KEY) align with the provided REST endpoints for searching, comparing, scoring, validating, and booking flights. There are no unrelated environment variables or required binaries. However, the SKILL.md simultaneously states "API-only: no scraping, no browser automation" and later advertises "Pro Superpowers" that are "browser-powered" (Google Flights/Kayak live comparisons). That is a contradiction in claimed capabilities and implementation scope.
Instruction Scope
concern: The runtime instructions are mostly focused and self-contained: they document endpoints, auth header usage, error handling (401/403/429/5xx), and explicitly say not to solicit passwords/OTPs/cookies. However, the skill exposes booking endpoints that accept personal data and payment fields; while the SKILL.md instructs to never submit payment without explicit user approval, the agent will need to collect and transmit sensitive PII/payment info if the user asks to book, which raises privacy and consent concerns. The contradictory mention of browser automation for Pro features also expands scope beyond the documented API behavior and is unexplained.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files, which minimizes on-disk execution risk. No downloads or package installs are specified.
Credentials
ok: The skill requires a single primary credential (AEROBASE_API_KEY), which is proportional to making authenticated API calls. The SKILL.md advises redaction of raw keys and explicitly forbids requesting user passwords/OTPs/cookies. No unrelated secrets or multiple credential requirements are present.
Persistence & Privilege
ok: The skill does not request always:true and has no install-time persistence. It is user-invocable and allows normal autonomous invocation; there is no indication it modifies other skills or system settings.