maldives-island-picker

Advisory: Audited by static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the product lookup may download or execute third-party CLI code from the npm ecosystem.

Why it was flagged

The skill runs an external npm-hosted CLI through npx to query travel products. This is disclosed and central to the product-lookup feature, but the external package version/provenance is not pinned in the artifacts.

Skill content

npx @fly-ai/flyai-cli keyword-search --query "马尔代夫 {已验证的岛屿名} 酒店"
Recommendation

Use the command only in a trusted environment, consider pinning or reviewing the package/version, and skip the flyai step if you do not want external CLI execution.

What this means

Travel preferences such as trip type, budget range, and desired island features may be included in external search queries.

Why it was flagged

The skill sends user-derived travel criteria to external search/fetch tools as part of generating recommendations. This is expected for the stated purpose and is clearly described.

Skill content

Use the `web_search` tool to launch 3 rounds of searches in parallel... For the 1-2 most information-rich links, use `web_fetch` to retrieve the detailed content.
Recommendation

Avoid sharing sensitive personal details beyond what is needed for travel recommendations.

What this means

A Markdown report containing the user’s travel preferences and recommendations will be saved locally and could overwrite a same-named file for the same date.

Why it was flagged

The skill creates a local report file by default. This is aligned with its report-generation purpose and is disclosed, but it is still a local file write.

Skill content

By default, use `create_file` to save the report to the current working directory, with the filename format: `马尔代夫选岛报告-{日期}.md`
Recommendation

Check the output filename/location before saving, especially if working in a shared or important directory.