Flyai Travelmapify
Pass
Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: flyai-travelmapify
Version: 2.2.2
The skill bundle contains a critical command injection vulnerability in `scripts/amap-proxy.js`, where unsanitized user input from URL parameters is directly interpolated into a shell command executed via `exec`. It also includes a hardcoded Amap API key in the same file. Furthermore, the skill implements aggressive server management in `scripts/ensure_servers_running.py` that forcefully kills processes on specific ports and starts an HTTP server in `scripts/main_travel_mapify_enhanced.py` that exposes the entire OpenClaw workspace directory. While these behaviors facilitate the skill's stated travel mapping purpose, they introduce significant security risks and potential system disruption.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If this proxy is running, a malicious local webpage or network request could potentially execute commands with the user’s privileges.
The HTTP query and city values are inserted into a shell command and executed with child_process.exec, so crafted input could break out of the intended command.
const command = `cd "${amapMapsDir}" && AMAP_KEY="${amapKey}" node scripts/amap.js search text "${query}" ${city}`; ... exec(command, { timeout: 10000 }, ...)
Replace exec with spawn/execFile using an argument array, strictly validate q and city, pass nothing through a shell, bind only to 127.0.0.1, and add a local authorization/CSRF protection mechanism.
Other websites or clients may be able to trigger the local proxy unexpectedly while it is running.
The proxy accepts unauthenticated cross-origin HTTP requests and routes user-controlled parameters into a shell-backed geocoding helper.
'Access-Control-Allow-Origin': '*', ... const query = parsedUrl.query.q; const city = parsedUrl.query.city || '重庆'; ... handleSearch(query, city, res);
Limit CORS to trusted origins, bind the service to localhost explicitly, require a local token for requests, and avoid exposing shell-backed operations over a permissive HTTP API.
Users have less registry-level information to verify where the code came from and what runtime components it needs.
The package contains runnable Python/Node files and depends on external tools, but registry provenance and install/dependency metadata are limited.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Publish a source/homepage, declare required binaries and runtime services in metadata, and pin/document external dependencies clearly.
Local ports may stay open and serve map or hotel-search functionality until stopped.
The skill intentionally starts local services as part of its workflow; this is disclosed, but those services may remain active after the map is generated.
Automatically start HTTP server on port 9000 ... Automatically start hotel search server on port 8770 ... Check if servers are already running
Run only when needed, stop the servers after use, and prefer localhost-only binding with clear shutdown instructions.
Itinerary details or travel-planning images may be sent to mapping, hotel-search, or vision providers.
Travel locations, hotel-search context, and possibly images are processed through external provider or agent capabilities as part of the intended workflow.
Geocodes locations ... using Amap API ... Integrates real FlyAI hotel search ... Use agent's AI Vision capability to analyze travel planning images
Avoid submitting sensitive images or private travel details unless you are comfortable with the involved providers and their privacy terms.
