ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Team Outing Planner

v1.0.1

帮助公司团队规划团建活动目的地。收集团队成员的偏好(活动类型、预算、时间等),综合分析推荐最佳目的地,并通过flyai查询详细信息。适用于团建规划、集体出游、公司活动等场景。

1· 77·0 current·0 all-time
by时关@shiguan1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description (team outing planner that queries fly.ai) match the instructions which call flyai CLI commands and generate HTML reports. However the registry metadata declares no required binaries or credentials even though the README and SKILL.md expect the @fly-ai/flyai-cli tool and real-time fly.ai data — this mismatch is unexplained and likely an oversight.
Instruction Scope
Instructions stay within the stated purpose (collect preferences, compute top-3, call flyai CLI to fetch POI/hotel data, generate an HTML report and open it). They explicitly require writing a file to ~/team-outing-recommendation.html and running open on it, and include external images/links in the generated HTML. There is no instruction to read unrelated local files or environment variables, but the generated HTML references external resources (images/booking links) which will cause network requests when opened.
Install Mechanism
The package is instruction-only (no install spec). README suggests installing flyai-cli via npm (npm i -g @fly-ai/flyai-cli), but the skill metadata does not declare that binary as required. Because installation of the actual data source (flyai-cli) is left to the user and not enforced in metadata, this gap is inconsistent and worth noting.
!
Credentials
The skill declares no required environment variables or credentials, yet it depends on fly.ai real-time data via a CLI that typically requires credentials or network access. The lack of declared credentials (API key/token) or guidance on what flyai-cli needs is disproportionate and could lead users to supply secrets elsewhere or run commands that prompt for credentials unexpectedly.
Persistence & Privilege
The skill is not always-enabled and does not request elevated privileges. It does, however, require writing an HTML file to the user's home directory and automatically opening it (open ~/team-outing-recommendation.html). Writing and opening a file is consistent with the purpose but users should be aware the file can reference remote images/links that will be fetched by their browser.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md triggered a 'unicode-control-chars' prompt-injection pattern. Invisible or control unicode characters can be used to obfuscate or manipulate prompts/instructions. This is not expected for a simple planner/instruction file and should be inspected; however no other malicious code was present (the skill is instruction-only).
What to consider before installing
What to consider before installing: - Source: the skill's source/homepage is unknown; prefer skills from known authors or a repo you can inspect. - fly.ai dependency: the instructions call flyai CLI commands and the README suggests npm installing @fly-ai/flyai-cli, but the skill metadata does not declare that binary or any credentials. Confirm whether you need to install flyai-cli and what credentials (API key/token) it needs before running anything. - Credentials: do not provide API keys or tokens until you verify the fly.ai service requirements and trust the skill's author. The skill does not declare any env vars for credentials — this is a mismatch. - File writes & network: the skill will write ~/team-outing-recommendation.html and open it. That file may load external images and booking links when opened, causing your browser to make network requests to third-party hosts (revealing your IP and that you opened the report). Inspect the generated HTML template (included) — it contains no embedded JS, but images/links are external placeholders. - Prompt-injection flag: the SKILL.md contained unicode control characters; open the files in a text editor and search for invisible characters (zero-width spaces, directional controls) before executing or publishing the skill. - Testing advice: run this skill in a sandboxed environment (or an account with limited privileges) first. Manually install and run flyai-cli and test the search commands you intend to use. If you plan to supply credentials, create a scoped/test key if the service supports it. - If you control the skill: update metadata to declare required binaries (flyai-cli) and any expected env vars, and remove/justify any unusual unicode characters so reviewers can verify intent. Given the inconsistencies (undeclared CLI dependency/credentials and the unicode-control-chars finding), proceed cautiously — the behavior looks like what it claims to do, but the metadata omissions and obfuscated characters are reasons to verify before trusting or supplying secrets.

Like a lobster shell, security has layers — review code before you run it.

latestvk976jcd4qa5dw734f393em0g89840yxq

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments