ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ana

v1.0.4

提供全日空航空航班搜索、预订、值机、里程管理、升舱、贵宾室及航班状态等全方位服务。

0· 75·0 current·1 all-time
by@hanxueyuan
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The registry description advertises flight search, booking, check-in, mileage management, upgrades, lounges, and flight status features. The SKILL.md, however, only instructs the agent to provide general company/brand information (history, business lines, market position). No APIs, credentials, or binaries are requested — this mismatch suggests the skill cannot actually perform the booking/operational tasks it advertises.
Instruction Scope
SKILL.md is narrowly scoped to presenting brand/company information and includes no commands, file reads, or external endpoints. As-written, the instructions stay within an innocuous informational scope.
Install Mechanism
No install spec and no code files are present (instruction-only). This is low-risk from an installation standpoint.
!
Credentials
The skill requests no environment variables or credentials. That is appropriate for a read-only info skill but is disproportionate relative to the advertised booking/operational capabilities, which would normally require API keys, airline partner credentials, or user authentication.
Persistence & Privilege
always is false and the skill does not request persistent system presence or modify other skills. No elevated privileges are requested.
What to consider before installing
This skill's manifest is inconsistent: the registry description claims full ANA airline services (booking, check-in, mileage, etc.), but the bundled SKILL.md only supports providing general company information. Before installing or using it for bookings, ask the publisher for clarification and for concrete integration details (API endpoints, required credentials, install steps, privacy policy). If you need booking or account actions, prefer official ANA channels or a skill that clearly documents required credentials and endpoints. If you don't need booking functionality and only want brand info, the skill is low-risk but misleadingly advertised.

Like a lobster shell, security has layers — review code before you run it.

latestvk977c2zf9bvcrw9nt4s5884ej984wfy8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments