Skill v1.0.2

ClawScan security

Fliggy Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Apr 29, 2026, 8:26 AM)

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requirements and runtime instructions are coherent with its stated purpose (a CLI wrapper for Fliggy) and do not request unrelated credentials or persistent elevated privileges.
Guidance
This skill appears to do what it says: it wraps a Fliggy CLI and expects a per-user session file (~/.fliggy-session.json). Before installing/using it:
1) verify the 'fliggy-cli' npm package comes from a trusted publisher (inspect the npm package page and source code if possible),
2) be aware that the session file likely contains authentication tokens—treat it as sensitive, and consider using a throwaway/test account if you prefer,
3) installing global npm CLIs has supply-chain risk; review package permissions and recent publish history, and
4) the skill's instructions run shell commands and may open a browser for login — make sure you run them in a controlled environment and monitor network/browser login prompts.
If you need higher assurance, ask the author for the package source repository or include a vetted binary instead of relying on an unverified npm package.

Review Dimensions

Purpose & Capability [ok]
Name/description match the instructions: the SKILL.md instructs use of a 'fliggy' CLI to search/book flights, hotels, tickets, and holidays. The declared required binary ('fliggy') and the suggested npm package ('fliggy-cli') are proportional to that purpose.

Instruction Scope [note]
Instructions explicitly tell the agent to check a login-state file at ~/.fliggy-session.json and to run 'fliggy login' if missing. That behavior is consistent with a CLI that persists session tokens, but reading a file in the user's home can expose session tokens — this is expected for a client that manages authentication, but it's sensitive and worth the user's awareness.

Install Mechanism [note]
No install spec bundled with the skill files (instruction-only), but the metadata/README recommends installing 'fliggy-cli' via 'npm install -g'. Using npm is a common and expected distribution method for a CLI, but npm packages carry the usual supply-chain risks and should be installed only from a trusted source.

Credentials [ok]
The skill does not request any environment variables, credentials, or config paths beyond the single per-user session file (~/.fliggy-session.json). That session file is directly related to the stated purpose (authentication for Fliggy) and is proportionate.

Persistence & Privilege [ok]
The skill is instruction-only, does not set always:true, and does not request to modify other skills or system-wide settings. It directs use of a CLI that will save its own session file, which is normal behavior for a client tool.