Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
AI Flight Booking Assistant
v1.0.0 AI flight ticket assistant - implements domestic flight search, cabin class lookup, booking and order submission, ticket rebooking, and ticket refunds. Use it when a user asks about flights, checks ticket prices, submits a ticket order, rebooks a flight, or requests a refund.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence
Purpose & Capability
The name/description (flight search & booking) aligns with the included scripts and required binary (python3). The scripts call an external flight API and perform search/price/order/endorse/refund operations as described. However, SKILL.md claims the apiKey is saved to the user's home (~/.fbt_auth.json) while common.py actually writes/reads the auth file from the system temp directory (tempfile.gettempdir()). This mismatch can mislead users about persistence and file location.
Instruction Scope
The SKILL.md explicitly warns that PII (name, phone, id) will be POSTed to the external service — which matches the code. But several concerning instruction/behavior mismatches exist: the docs tell users not to expose PII in logs or replies, yet scripts explicitly print passenger name/phone/id and also print debug/order_data in endorse_apply.py, potentially exposing PII to stdout/logs. The code sends all business data to an external endpoint (app-gate.fenbeitong.com by default) — expected for booking, but the code disables TLS certificate verification (ssl._create_unverified_context()), which introduces MITM risk for all transmitted PII and apiKey.
Install Mechanism
No install spec is provided (instruction-only style) and only python3 is required — this is proportionate. The package does include multiple Python scripts bundled with the skill (no external downloads). There is no third-party install step that pulls remote executables (lower install risk).
Credentials
The skill requests no environment variables in its declared requirements, but common.py honors an optional FBT_API_URL environment variable to override the API endpoint — SKILL.md does not document this. The skill persists an apiKey locally (expected for authenticated API usage) but the storage location differs between documentation and code. No unrelated external credentials are requested.
Persistence & Privilege
The skill persistently saves an apiKey to disk (implemented via save_api_key/load_api_key) which is expected for an authenticated client. However, the SKILL.md says the apiKey will be stored in the user's home (~/.fbt_auth.json) while the code stores it in the system temp directory (tempfile.gettempdir(), e.g., /tmp/.fbt_auth.json) — this affects persistence and visibility of the key (temp files may be world-readable on some systems). The skill does not request elevated system privileges nor set always:true.
Scan Findings in Context
[ssl_verify_disabled] unexpected: common.py creates an unverified SSL context (ssl._create_unverified_context()) for urllib requests and comments that this should be removed in production. Disabling TLS verification is not appropriate for a production booking client because it exposes PII and auth tokens to interception.
[persists_api_key_to_disk] expected: The skill must persist an apiKey to call authenticated APIs — the code saves apiKey to a JSON file. This is expected for the described functionality, but the documented path (~/.fbt_auth.json) does not match the code (temp file), which is a transparency/privacy issue.
[prints_sensitive_info] unexpected: Although SKILL.md warns not to log PII, scripts (create_order.py, endorse_apply.py, and others) print passenger name/phone/id and print order_data. Printing PII to stdout/logs contradicts the SKILL.md privacy guidance and increases risk of accidental leakage.
What to consider before installing
This skill appears to implement the advertised flight search and booking flows, but I recommend caution before using it with real personal data. Specific concerns: (1) TLS verification is explicitly disabled for all HTTP requests — this makes the apiKey and passengers' PII vulnerable to man-in-the-middle attacks; (2) the SKILL.md states the apiKey is saved in ~/.fbt_auth.json but the code saves it in the system temp directory (tempfile.gettempdir()), which affects how long the key persists and who can access it; (3) despite advising not to log PII, the scripts print passenger names/phones/IDs and even raw order_data to stdout, which may be captured by application logs; (4) the code posts PII and auth tokens to an external domain (default https://app-gate.fenbeitong.com/...), so confirm you trust that service and review its privacy policy.
Actions you can take before installing or using the skill:
- Ask the author for the skill's homepage, provenance, and why TLS verification is disabled; require they remove ssl._create_unverified_context().
- Request they reconcile documentation vs. code for apiKey storage (explicit file path and file permissions), or change to store the key in a secure user config (home directory with appropriate permissions) and document it.
- Ask for logs/printing of PII to be removed (no cleartext printing of identity numbers/phones).
- If you must test, run it on an isolated system (not a shared machine), avoid using real personal data, and set FBT_API_URL to a controlled test endpoint if possible.
If the author cannot justify or fix the above, treat the skill as high-risk for handling real PII.
Version: latest (vk97218rvz530tyxa8jjpvnprj983mnww)
Runtime requirements
✈️ Clawdis
Bins: python3
