Skill v3.2.0
ClawScan security
festival-flight · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 24, 2026, 7:38 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill asks the agent to install and run a third‑party npm CLI at runtime and claims to be 'powered by Fliggy (Alibaba Group)' without any provenance — this mismatch plus the instruction to globally install an npm package is disproportionate and worth caution.
- Guidance
- Before installing or enabling this skill, verify provenance of the CLI it asks you to install: ask for the package's homepage or repository and confirm the npm publisher (is it actually owned by Fliggy/Alibaba?). Treat an unsolicited global `npm i -g` as potentially risky because npm packages can run code during install. If you want to try the skill, consider running the install in a sandboxed environment (container or isolated VM) or ask the skill author for a vetted package link (GitHub repo, official docs, or an Alibaba/Fliggy statement). If you cannot verify the @fly-ai/flyai-cli package owner or link it to the claimed provider, do not run the global install on a production machine.
Review Dimensions
- Purpose & Capability
- concern: The description claims 'powered by Fliggy (Alibaba Group)' and lists many travel features, but the runtime instructions require a third‑party CLI package (@fly-ai/flyai-cli) with no link, homepage, or credentials. There's no evidence tying the npm package to Fliggy/Alibaba. The declared purpose (festival flight booking via a known provider) does not clearly justify the anonymous npm dependency or the broad list of supported services.
- Instruction Scope
- ok: The SKILL.md stays focused on running the flyai CLI to search flights and format results; it does not instruct the agent to read unrelated system files or environment variables. The rules emphasize using CLI output for all answers, which constrains data sources to the CLI. That scope is consistent with a CLI-driven skill.
- Install Mechanism
- concern: There is no install spec in the registry; instead the SKILL.md instructs the agent to run `npm i -g @fly-ai/flyai-cli` if the CLI is missing. Global npm installs can execute arbitrary code (postinstall scripts) and pull a package of unknown provenance at runtime. Because the package owner/publisher and its relationship to the claimed provider are not documented, this is a moderate-to-high procedural risk.
- Credentials
- ok: The skill requests no environment variables, credentials, or config paths. It performs searches via the CLI and does not ask for unrelated secrets, which is proportionate to a search-only travel skill.
- Persistence & Privilege
- ok: `always:false` and normal autonomous invocation are used. The skill does not request permanent presence, does not modify other skills, and its runbook says logs are session-local. No elevated platform privileges are requested.
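The Guidance and the Install Mechanism entries both come down to one check a reviewer can run before typing `npm i -g`: does the package carry lifecycle scripts that execute during install, and does its manifest say where it comes from? The script below is an added example, not part of the ClawHub scan output or of the festival-flight skill. It inspects a package.json the way you would after `npm pack` (which downloads the tarball without installing or running anything); the two manifests it audits are constructed here, and `example-cli` and the `example.invalid` URLs are placeholders, not the real @fly-ai/flyai-cli package.

```sh
#!/bin/sh
# Added example, not part of the ClawHub scan output or of the festival-flight skill.
# Pre-install audit of an npm package manifest: what would run during install,
# and does the package document its origin?
#
# Online steps this mirrors (nothing below is fetched; the package name is the
# one from the scan):
#   npm view @fly-ai/flyai-cli maintainers repository homepage scripts
#   npm pack @fly-ai/flyai-cli        # writes a .tgz without installing or running scripts
#   tar -xzf ./*.tgz && audit_package_json package/package.json
# If you must install anyway, `npm i -g --ignore-scripts <pkg>` skips the hooks,
# and a container or throwaway VM keeps whatever runs off the host.

# Hooks npm runs automatically when installing a package from the registry.
LIFECYCLE_HOOKS='preinstall|install|postinstall'

# audit_package_json FILE
# Returns 0 when clean, 1 for install-time scripts, 2 for missing
# repository/homepage, 3 for both. Findings go to stdout.
# The JSON handling is a heuristic that expects one key per line (the layout
# `npm pack` produces); use jq or node for anything more exotic.
audit_package_json() {
    file="$1"
    rc=0

    # Lines of the "scripts" object only, so "install" inside a description
    # or a dependency name is not counted.
    scripts=$(sed -n '/"scripts"[[:space:]]*:[[:space:]]*{/,/^[[:space:]]*}/p' "$file")
    hooks=$(printf '%s\n' "$scripts" \
        | grep -E "^[[:space:]]*\"($LIFECYCLE_HOOKS)\"[[:space:]]*:" \
        | sed 's/^[[:space:]]*//')
    if [ -n "$hooks" ]; then
        echo "RISK: these scripts execute during npm install:"
        printf '%s\n' "$hooks" | sed 's/^/    /'
        rc=1
    fi

    # No repository or homepage means the publisher cannot be tied to any
    # provider the skill description names.
    if ! grep -qE '^[[:space:]]*"(repository|homepage)"[[:space:]]*:' "$file"; then
        echo "RISK: no repository/homepage field; publisher cannot be linked to the claimed provider"
        rc=$((rc + 2))
    fi

    [ "$rc" -eq 0 ] && echo "OK: no install hooks, provenance fields present"
    return "$rc"
}

# Constructed sample manifests (not real packages) so the audit runs offline.
write_sample_unverified() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
{
  "name": "example-cli",
  "version": "1.0.0",
  "bin": { "example-cli": "bin/cli.js" },
  "scripts": {
    "postinstall": "node scripts/fetch-binary.js",
    "test": "node test.js"
  }
}
EOF
    echo "$f"
}

write_sample_documented() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
{
  "name": "example-cli",
  "version": "1.0.0",
  "homepage": "https://example.invalid/example-cli",
  "repository": { "type": "git", "url": "https://example.invalid/example-cli.git" },
  "bin": { "example-cli": "bin/cli.js" },
  "scripts": {
    "test": "node test.js"
  }
}
EOF
    echo "$f"
}

for sample in "$(write_sample_unverified)" "$(write_sample_documented)"; do
    echo "== $sample"
    audit_package_json "$sample" || echo "   exit status $?"
    rm -f "$sample"
done
```

The first manifest is the shape the scan warns about: a `postinstall` hook that fetches and runs something, and no repository or homepage to check the publisher against. The second would still need its `maintainers` compared with the provider the skill names, which is what `npm view <pkg> maintainers` is for; a manifest field is a claim, not proof.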
