Skill v3.2.0
ClawScan security
summer-vacation-flight · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Apr 24, 2026, 7:37 AM)
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's core behavior (run a third-party CLI and return booking links) is plausible, but there are internal inconsistencies and an implicit global npm install that deserve caution before installation.
- Guidance: What to consider before installing/using this skill:
  - Confirm the provider and package: the skill claims "Powered by Fliggy (Alibaba Group)" but instructs use of an npm package named @fly-ai/flyai-cli. Ask the author which service actually provides the data and verify the official CLI/package source.
  - Verify the npm package and publisher on the npm registry before allowing a global install. Global `npm i -g` runs code on your system (including possible postinstall scripts); only install packages from trusted maintainers.
  - Check that the flyai CLI actually supports the flags the skill expects (--origin, --destination, --dep-date, --sort-type, --journey-type, --max-price, etc.). The SKILL.md contains mismatched parameter lists and mappings — confirm the real CLI parameter names to avoid repeated failed executions or malformed commands.
  - Be aware the skill enforces strict output rules (every result must include [Book]({detailUrl}), never use jumpUrl, never answer from training data). If the CLI returns link fields with different names you may get repeated retries or missing results; ask the author how to handle such cases.
  - If you cannot verify the CLI/package or the provider, or you cannot allow a global npm install from that publisher, do not install. Request clarification or a signed/official source URL and a list of exact CLI flags and sample outputs that the skill expects.

  If you want, I can draft questions to send to the skill author to resolve the branding/flag inconsistencies and to request the official npm package link and publisher info.
Review Dimensions
- Purpose & Capability (note): The skill claims to book flights and related travel services and instructs the agent to use a CLI (flyai). That capability aligns with the stated purpose. However, the SKILL.md also claims “Powered by Fliggy (Alibaba Group)” while all runtime instructions reference an npm package @fly-ai/flyai-cli — a branding/provider mismatch that should be clarified. The skill also advertises hotels, trains, attractions, etc., but the provided parameters and playbooks are focused almost exclusively on flight-search commands.
- Instruction Scope (concern): The runtime instructions force CLI-based operation (OK for an instruction-only CLI skill) and even mandate installing a global npm package if the CLI is missing. There are several internal inconsistencies in the instructions: the Parameters table does not list flags that are used elsewhere (e.g., --journey-type appears in playbooks but is missing from the main Parameters table; references/templates.md maps user phrases to flags like --max-price and --seat-class-name that are absent from the Parameters table). The SKILL.md also imposes strict output rules (every result must include [Book]({detailUrl}), must not use jumpUrl, never use training data) — these are operational requirements but could cause the agent to repeatedly attempt CLI calls or fail outright if the CLI's actual JSON fields differ. No instructions reference reading files or secrets outside the CLI usage, which is good.
- Install Mechanism (note): There is no formal install spec in the registry, but the instructions tell the agent to run `npm i -g @fly-ai/flyai-cli` if the CLI is missing. Global npm installation from the public registry is a common pattern but carries moderate risk: it downloads and executes package code, potentially including postinstall scripts. Because the skill does not provide a verified source URL or checksum, you should verify the npm package identity and publisher before allowing a global install.
- Credentials (ok): The skill does not request environment variables, secrets, or config paths. All required inputs are query parameters mapped to CLI flags. There is no evidence the skill is requesting unrelated credentials or system secrets.
- Persistence & Privilege (ok): The skill does not request 'always: true' or other elevated platform privileges. It does require network access to install the CLI if missing, but it does not request persistent modifications to other skills or global agent settings in its files.
