VariflightAviation

Audited by ClawScan on May 10, 2026.

Overview

This appears to be a genuine flight-information skill, but it warrants review: it launches an npm MCP package through npx with no version pin and automatic confirmation, and it hands that child process the agent's full environment, which may include secrets unrelated to VariFlight.

Install only if you are comfortable with an external npm MCP package being downloaded and executed to serve VariFlight queries. Before use, keep unrelated secrets out of the agent's environment variables, and prefer a version-pinned, reviewed release if one is available.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Because no version is pinned, a future release of the npm package, or a compromised one, would run as local code under the user's agent account and environment on a later launch.

Why it was flagged

The skill executes an external npm package at runtime with automatic confirmation (npx -y) and no version pin, so the reviewed artifacts do not fully define the code that will actually run: whatever the registry serves as the current version at launch time is what executes.

Skill content
command: 'npx',
args: ['-y', '@variflight-ai/variflight-mcp']
Recommendation

Pin the MCP package to an exact version, include a lockfile or other reviewed dependency provenance, and make the runtime download explicit to the user before first use. Note that removing -y alone does not achieve this: when standard input is not a terminal, npx behaves as if --yes were given, so the pinned version should be installed ahead of time as a visible step rather than fetched silently on first launch.

What this means

Other API keys or secrets in the user's environment could become accessible to the external MCP package.

Why it was flagged

The child MCP process receives a copy of the entire parent environment (spreading process.env), not only the declared VariFlight key, so any other tokens or credentials present in the agent process, such as cloud or other API keys, are readable by the external package.

Skill content
env: {
  ...process.env,
  X_VARIFLIGHT_KEY: this.apiKey,
  VARIFLIGHT_API_KEY: this.apiKey
Recommendation

Pass a minimal allowlisted environment instead of spreading process.env, for example PATH plus X_VARIFLIGHT_KEY (and whatever else the server is documented to read), and document exactly which credentials are shared with the MCP server.
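The two findings above concern the same launch spec, so one added example covers both. The code below is not the skill's own code or part of ClawScan's output: it is a small checker that rejects the flagged pattern (auto-confirm, no version pin, a spread of process.env) and a builder that produces the hardened equivalent with an exact version and an allowlisted environment. The names findSpecIssues, buildLaunchSpec, ENV_ALLOWLIST, the sample version 1.2.3, the sample key value and the constructed parent environment are assumptions made for this example.

```javascript
// Added example (not the skill's code): check a stdio MCP launch spec for the
// two flagged problems and build a hardened one. Names, the sample version
// and the sample environment below are assumptions for this example.

// Exact-version pin only: "@scope/name@1.2.3" or "name@1.2.3".
// Bare names, ranges such as "^1.2" and dist-tags such as "latest" fail.
const PINNED_PACKAGE =
  /^(@[a-z0-9][a-z0-9._-]*\/)?[a-z0-9][a-z0-9._-]*@\d+\.\d+\.\d+$/;

// Variables allowed to cross into the MCP child besides the declared key.
const ENV_ALLOWLIST = ['PATH', 'HOME', 'LANG', 'TMPDIR'];
// The credentials the skill declares it shares with the server.
const DECLARED_KEYS = ['X_VARIFLIGHT_KEY', 'VARIFLIGHT_API_KEY'];

// Constructed parent environment containing two unrelated secrets.
const sampleParentEnv = {
  PATH: '/usr/local/bin:/usr/bin:/bin',
  HOME: '/home/agent',
  OPENAI_API_KEY: 'sk-unrelated-secret',
  AWS_SECRET_ACCESS_KEY: 'unrelated-cloud-secret',
};

// The flagged pattern, reproduced as data so the checker can reject it.
const weakSpec = {
  command: 'npx',
  args: ['-y', '@variflight-ai/variflight-mcp'],
  env: { ...sampleParentEnv, X_VARIFLIGHT_KEY: 'vf-key', VARIFLIGHT_API_KEY: 'vf-key' },
};

// Returns a list of human-readable issues; an empty list means the spec passes.
function findSpecIssues(spec) {
  const issues = [];
  if (spec.args.includes('-y') || spec.args.includes('--yes')) {
    issues.push('auto-confirm: npx -y downloads and runs the package without asking');
  }
  const pkg = spec.args.find((a) => !a.startsWith('-'));
  if (!pkg || !PINNED_PACKAGE.test(pkg)) {
    issues.push(`unpinned: "${pkg}" is not an exact @x.y.z version`);
  }
  const allowed = new Set([...ENV_ALLOWLIST, ...DECLARED_KEYS]);
  for (const name of Object.keys(spec.env)) {
    if (!allowed.has(name)) issues.push(`env leak: ${name} is passed to the child process`);
  }
  return issues;
}

// Builds the hardened spec: exact version, no auto-confirm, allowlisted env.
function buildLaunchSpec({ apiKey, version, parentEnv }) {
  if (!/^\d+\.\d+\.\d+$/.test(version)) {
    throw new Error(`version must be an exact x.y.z, got "${version}"`);
  }
  const env = {};
  for (const name of ENV_ALLOWLIST) {
    if (parentEnv[name] !== undefined) env[name] = parentEnv[name];
  }
  for (const name of DECLARED_KEYS) env[name] = apiKey;
  return {
    command: 'npx',
    // --no (npm 7+) makes npx fail instead of downloading, so the pinned
    // package must already be installed from a reviewed lockfile; the
    // download becomes an explicit install step the user performs up front.
    args: ['--no', `@variflight-ai/variflight-mcp@${version}`],
    env,
  };
}

const hardenedSpec = buildLaunchSpec({
  apiKey: 'vf-key',
  version: '1.2.3',
  parentEnv: sampleParentEnv,
});

console.log('weak spec:', findSpecIssues(weakSpec));
console.log('hardened spec:', findSpecIssues(hardenedSpec));
```

Dropping -y by itself is not sufficient: with stdin not attached to a terminal, npx assumes --yes, so the builder passes --no, which makes npx refuse to download anything, and relies on the exact version having been installed beforehand. The checker deliberately treats any environment variable outside the allowlist and the declared keys as a leak, so adding a new variable forces a documented decision.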

What this means

Using the skill can start local Node/npm tooling rather than only reading static instructions.

Why it was flagged

The skill locates npx with a fixed shell command (which npx, run through execSync, which spawns a shell), and the same file starts a local MCP server; this is purpose-aligned, but it means the skill performs local process execution rather than only supplying instructions.

Skill content
return execSync('which npx', { encoding: 'utf8' }).trim();
Recommendation

Keep this behavior clearly documented, and avoid shell execution where a direct path lookup is possible: resolving npx by walking the PATH entries with fs.accessSync, and starting it with a no-shell spawn such as execFile, removes the shell from this step entirely.