Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Travelmapify
v2.2.0
Copy Xiaohongshu travel planning homework into interactive route maps with real FlyAI hotel search in seconds.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious (medium confidence)
Purpose & Capability
The skill's description (map from images, Amap geocoding, FlyAI hotel search) matches the scripts' functionality, but the registry metadata declares no required binaries or env vars even though the code expects Python 3.7+, tesseract/pytesseract, Pillow, the FlyAI CLI, and a local Amap proxy. Omitting those runtime requirements is an inconsistency that can surprise users and lead to silent failures or unexpected environment access.
Instruction Scope
SKILL.md instructs the agent to auto-start an HTTP server (default port 9000) and a hotel-search server (default port 8770), run OCR/AI-vision extraction, call a local Amap proxy, and invoke FlyAI. These actions are within the stated purpose, but auto-starting servers and running local CLI tools expands the attack surface and may expose services on the local network. The code also performs automatic workspace detection (it searches for AGENTS.md / SOUL.md), which probes the filesystem for context.
Install Mechanism
There is no install spec in the registry (instruction-only at metadata level) but the skill ships many code files that must be executed. The repository expects external system components (Python packages and external CLI tools) but does not declare them in metadata. This mismatch increases risk because nothing is enforced at install time and users may run code without realizing its dependency footprint.
Credentials
The skill requests no environment variables in metadata, yet the code attempts to discover the OpenClaw workspace, probes common user paths (home/.nvm, npm global bin, /usr/local/bin), and searches the filesystem for a FlyAI binary. It also assumes a local Amap proxy (which requires an Amap API key). While no secrets are explicitly requested, the implicit need for an Amap API key and FlyAI CLI means configuration is handled outside metadata and could be misconfigured or lead to accidental key exposure if users modify files. The filesystem scanning behavior is broader than necessary for a simple map generator.
Persistence & Privilege
The skill does not request 'always:true' and does not declare elevated privileges. However, it will auto-start local servers and modify/serve generated HTML that uses localStorage in the browser. Those behaviors are expected for a local map-serving tool, but they keep a listening process alive for as long as the skill runs, and an active server process can be reachable from the local network depending on its bind address and the host's firewall configuration.
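The two findings above (filesystem probing for the FlyAI binary, and auto-started servers whose reachability depends on host configuration) have a short hardening counterpart. The following is an added example written for this review, not code from the Travelmapify skill: it assumes the CLI path is supplied through an environment variable named FLYAI_BIN (an assumed name) and shows the directory-walk pattern the scan describes next to an explicit, validated resolution, an argument-list invocation without a shell, and a server bound to loopback only.

```python
"""Added hardening example (not the skill's code).

Assumes the external CLI path arrives via an explicit setting (FLYAI_BIN, an
assumed variable name) instead of being discovered by walking the home tree.
"""
import os
import stat
import subprocess
from http.server import HTTPServer, SimpleHTTPRequestHandler
from pathlib import Path


class ToolResolutionError(RuntimeError):
    """Raised when an external CLI cannot be resolved safely."""


def search_for_tool(root, name):
    """The pattern the scan warns about: walk a tree and trust the first hit.

    Any writable directory under `root` can plant a file with the right name,
    and this returns it with no checks. Kept here only for contrast."""
    for hit in Path(root).rglob(name):
        return hit
    return None


def resolve_tool(env_var, *, environ=None):
    """Resolve an external CLI from an explicit absolute path, with checks."""
    env = os.environ if environ is None else environ
    value = env.get(env_var)
    if not value:
        raise ToolResolutionError(f"{env_var} is not set; refusing to search the filesystem")
    path = Path(value)
    if not path.is_absolute():
        raise ToolResolutionError(f"{env_var} must be absolute, got {value!r}")
    try:
        st = path.stat()
    except FileNotFoundError:
        raise ToolResolutionError(f"{env_var} points at a missing file: {path}") from None
    if not stat.S_ISREG(st.st_mode) or not os.access(path, os.X_OK):
        raise ToolResolutionError(f"{path} is not an executable regular file")
    if st.st_mode & stat.S_IWOTH:
        raise ToolResolutionError(f"{path} is world-writable; refusing to execute it")
    return path


def run_tool(path, args, timeout=30):
    """Invoke the resolved CLI with an argument list: no shell, no string concat."""
    proc = subprocess.run([str(path), *args], capture_output=True, text=True,
                          timeout=timeout, check=True)
    return proc.stdout.strip()


def bind_loopback(port=0):
    """Bind the auto-started server to 127.0.0.1 only (port 0 lets the OS pick)."""
    return HTTPServer(("127.0.0.1", port), SimpleHTTPRequestHandler)


def self_check():
    """Exercise the helpers against the running interpreter and a scratch tree.

    Returns a dict of outcomes so behaviour can be checked without a real
    FlyAI binary present; the planted file and paths are constructed."""
    import sys
    import tempfile
    out = {}
    me = resolve_tool("FLYAI_BIN", environ={"FLYAI_BIN": sys.executable})
    out["resolved"] = me == Path(sys.executable)
    out["ran"] = run_tool(me, ["-c", "print('ok')"])
    with tempfile.TemporaryDirectory() as tmp:
        planted = Path(tmp) / "node_modules" / ".bin" / "flyai"
        planted.parent.mkdir(parents=True)
        planted.write_text("#!/bin/sh\necho planted\n")
        planted.chmod(0o777)  # world-writable: a walk would still pick it up
        out["walk_finds_planted"] = search_for_tool(tmp, "flyai") == planted
        try:
            resolve_tool("FLYAI_BIN", environ={"FLYAI_BIN": str(planted)})
            out["rejected_world_writable"] = False
        except ToolResolutionError:
            out["rejected_world_writable"] = True
        try:
            resolve_tool("FLYAI_BIN", environ={"FLYAI_BIN": "relative/flyai"})
            out["rejected_relative"] = False
        except ToolResolutionError:
            out["rejected_relative"] = True
    srv = bind_loopback()
    out["bind_host"] = srv.server_address[0]
    srv.server_close()
    return out


if __name__ == "__main__":
    for key, val in self_check().items():
        print(f"{key}: {val}")
```

The point of the contrast is that `search_for_tool` returns whatever file is first found under a tree the user can write to, while `resolve_tool` only accepts a path an operator chose and refuses relative, missing, non-executable or world-writable candidates; `bind_loopback` removes the "reachable from the local network" question entirely unless you deliberately change the address.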
What to consider before installing
Key things to consider before installing or running this skill:
- Missing declared dependencies: The metadata does not enumerate required runtime components. The code expects Python 3.7+, Pillow, pytesseract/Tesseract, the FlyAI CLI (node/npm), and a local Amap API proxy (with your Amap API key). Ensure you provision and inspect those components yourself.
- Review and sandbox before running: Because the skill auto-starts HTTP servers (default 9000) and a hotel-search server (default 8770) and probes filesystem paths, run it in an isolated environment (VM or container) first to confirm behavior and network exposure.
- Inspect the servers' code: The hotel-search-server and main scripts are the highest-risk files (they launch servers and invoke external CLIs). Review them for any unexpected outbound requests or command invocation patterns (especially how FlyAI is invoked) before allowing network access.
- Protect API keys: Amap API keys are expected to be used by a local proxy; do not place API keys into client-side HTML. Follow the references' guidance: keep keys server-side and limit domain whitelists.
- Limit filesystem probing: The skill's config scans common user directories to find FlyAI and workspace files. If you are uncomfortable with that behavior, edit scripts/config.py to point to explicit paths instead of allowing rglob searches.
- If you lack the technical capacity to audit code, treat this skill as higher-risk: either avoid installing it or only run it in a controlled sandboxed environment.
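The "inspect the servers' code" and "limit filesystem probing" items above amount to a review checklist: command invocation (especially shell=True), directory walks, binds on all interfaces, and outbound requests. The following static triage is an added example, not part of the scan or the skill, that walks a Python AST and reports those call patterns with line numbers; the embedded sample script is constructed for illustration and is not Travelmapify's code, though it mirrors the behaviours the scan describes. Point it at the skill's `scripts/` files to get a line list to read first.

```python
"""Added example: AST triage of a skill's Python scripts (not the skill's code)."""
import ast
import sys
from dataclasses import dataclass

# Dotted call names a reviewer wants to see before letting a skill run.
CALL_RULES = {
    "subprocess.run": "command invocation",
    "subprocess.Popen": "command invocation",
    "subprocess.call": "command invocation",
    "subprocess.check_output": "command invocation",
    "os.system": "command invocation (shell)",
    "os.popen": "command invocation (shell)",
    "os.walk": "filesystem search",
    "glob.glob": "filesystem search",
    "urllib.request.urlopen": "outbound request",
    "requests.get": "outbound request",
    "requests.post": "outbound request",
    "os.getenv": "environment read",
    "os.environ.get": "environment read",
}
# Method names that matter regardless of the receiver expression.
METHOD_RULES = {"rglob": "filesystem search", "serve_forever": "server start"}
ALL_INTERFACES = {"", "0.0.0.0", "::"}


@dataclass(frozen=True)
class Finding:
    line: int
    category: str
    detail: str


def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, else None (e.g. a call result)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def _binds_all_interfaces(call):
    """True if the first argument is a ('', port) / ('0.0.0.0', port) tuple."""
    if not call.args or not isinstance(call.args[0], ast.Tuple) or not call.args[0].elts:
        return False
    host = call.args[0].elts[0]
    return isinstance(host, ast.Constant) and host.value in ALL_INTERFACES


def triage_source(src, filename="<skill>"):
    """Return Findings for every call in `src` that matches a rule, sorted by line."""
    findings = []
    for node in ast.walk(ast.parse(src, filename)):
        if not isinstance(node, ast.Call):
            continue
        name = _dotted(node.func)
        if name in CALL_RULES:
            category = CALL_RULES[name]
            if any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                   and kw.value.value is True for kw in node.keywords):
                category = "command invocation (shell=True)"
            findings.append(Finding(node.lineno, category, name))
        elif isinstance(node.func, ast.Attribute) and node.func.attr in METHOD_RULES:
            findings.append(Finding(node.lineno, METHOD_RULES[node.func.attr], node.func.attr))
        is_server_ctor = bool(name) and name.endswith("HTTPServer")
        is_bind = isinstance(node.func, ast.Attribute) and node.func.attr == "bind"
        if (is_server_ctor or is_bind) and _binds_all_interfaces(node):
            findings.append(Finding(node.lineno, "network bind on all interfaces", name or "bind"))
    return sorted(findings, key=lambda f: f.line)


# Constructed sample resembling the behaviours the scan describes; not the skill's code.
SAMPLE_SKILL = '''\
import os, subprocess
from pathlib import Path
from http.server import HTTPServer, SimpleHTTPRequestHandler

def find_flyai():
    for hit in Path.home().rglob("flyai"):
        return str(hit)

def hotels(city):
    return subprocess.run("flyai hotels " + city, shell=True, capture_output=True).stdout

HTTPServer(("0.0.0.0", 8770), SimpleHTTPRequestHandler).serve_forever()
'''


if __name__ == "__main__":
    targets = sys.argv[1:]
    sources = [(p, open(p, encoding="utf-8").read()) for p in targets] or [("sample", SAMPLE_SKILL)]
    for fname, src in sources:
        for f in triage_source(src, fname):
            print(f"{fname}:{f.line}: {f.category} ({f.detail})")
```

On the constructed sample the triage reports the home-directory walk, a `subprocess.run` with `shell=True` fed by string concatenation, and a server bound on 0.0.0.0; those are exactly the lines to read in `hotel-search-server.py` and the main script before granting network access. It is a grep with structure, not a proof of safety: dynamic imports, `getattr` tricks and non-Python code fall outside it.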
If you want, I can: (1) highlight the specific lines in the highest-risk files (hotel-search-server.py and main_travel_mapify_enhanced.py) for review, (2) produce a minimal safe wrapper that disables auto-start servers, or (3) walk through how to run it sandboxed in Docker.
Like a lobster shell, security has layers — review code before you run it.
