Flyai Travelmapify

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill mostly matches its travel-map purpose, but its local Amap proxy can execute shell commands from untrusted HTTP query input and should be reviewed or fixed before use.

Review or patch scripts/amap-proxy.js before installing or running this skill. If you proceed, run local servers only when needed, stop them afterward, install dependencies from trusted sources, and avoid using sensitive travel images or private itinerary details unless you are comfortable sharing them with the external services involved.

Static analysis

Dangerous exec

Critical
Finding
Shell command execution detected (child_process).

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A malicious web page or any local requester could make the proxy run arbitrary commands as the current user while the proxy server is running.

Why it was flagged

The local HTTP endpoint takes user-controlled q/city parameters and places them directly into a shell command; wildcard CORS also allows web pages to interact with the local proxy while it is running.

Skill content
'Access-Control-Allow-Origin': '*'; ... const query = parsedUrl.query.q; const city = parsedUrl.query.city || '重庆'; ... const command = `cd "${amapMapsDir}" && AMAP_KEY="${amapKey}" node scripts/amap.js search text "${query}" ${city}`; exec(command, { timeout: 10000 }, ...)
Recommendation

Do not run the included Amap proxy until it is changed to use execFile/spawn with an argument array, strict input validation, localhost-only binding, restricted CORS, and no shell interpolation.

What this means

Local ports may be opened and services may keep running after map generation unless stopped.

Why it was flagged

The skill documents automatic startup of local services, which is expected for serving interactive maps and hotel search but affects the user's local runtime environment.

Skill content
**Automatically start HTTP server** on port 9000 ... **Automatically start hotel search server** on port 8770
Recommendation

Use custom ports if needed, stop the servers when finished, and avoid running them on untrusted networks.

What this means

Destination names and travel-plan image contents may be processed outside the local machine as part of the advertised functionality.

Why it was flagged

The workflow sends travel locations, and potentially image-derived POIs, to external mapping, hotel-search, or vision-capable services.

Skill content
geocode with Amap ... optional **FlyAI** hotel search ... Image mode — POI extraction from travel-plan images
Recommendation

Use only travel inputs you are comfortable sending to the relevant providers, and review provider privacy terms if the locations or images are sensitive.

What this means

Installation and trust decisions for required external components are left to the user, and the registry may not surface all runtime requirements.

Why it was flagged

The skill relies on external local dependencies even though registry metadata lists no required binaries or install spec.

Skill content
FlyAI CLI - Must be installed and accessible in your PATH or via npm ... amap-maps skill ... Amap API proxy server
Recommendation

Install dependencies only from trusted sources and verify the FlyAI CLI, amap-maps skill, and Amap proxy before use.