Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cabin Flights

v1.0.0

Search and book real flights with USDC payments. Gives your AI agent the power to find flights across 500+ airlines and complete bookings paid in USDC on Base. No credit cards, no banks — crypto-native travel commerce.


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for kobuta23/cabin.

Install the skill "Cabin Flights" (kobuta23/cabin) from ClawHub.
Skill page: https://clawhub.ai/kobuta23/cabin
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: node
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install cabin

ClawHub CLI


npx clawhub@latest install cabin

Security Scan

VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (flight search + USDC payments on Base) matches the SKILL.md: it calls an external API (https://api.cabin.team) to search, book, and provide a USDC deposit address/checkout URL. The only minor mismatch: SKILL.md metadata lists 'node' as a required binary and the doc references node scripts (src/balance.js, src/send.js) for wallet operations, yet this skill bundle contains no code files. Requiring node is plausible (for referenced wallet helpers) but unnecessary for an instruction-only skill as delivered.
Instruction Scope
Runtime instructions are limited to HTTP calls to api.cabin.team, fetching image_url, presenting results, collecting passenger details (names, DOB, email) required for booking, and showing payment info (deposit address or checkout URL). Collecting passenger PII is expected for bookings but is sensitive — the skill directs transmission of that PII to an external API and guides users to send crypto to the provided deposit address. It also references local node wallet scripts that are not present in the package; an agent attempting to run them will fail unless those scripts exist elsewhere.
Install Mechanism
No install spec is present (instruction-only skill). That minimizes on-disk persistence and installation risk.
Credentials
The skill declares no required environment variables or credentials, which is proportionate to an instruction-only connector that delegates calls to an external API. There are no unexplained requests for unrelated secrets. Note: the skill relies on an external API/service (cabin.team) to perform bookings and payments, so credentials for upstream providers (if required) would be handled by that service, not this skill bundle.
Persistence & Privilege
always is false and the skill does not request any elevated persistence. Agent-autonomous invocation is allowed by default (disable-model-invocation: false) — this is normal. Be particularly cautious if the agent has wallet capabilities or is granted signing/sending privileges, since the skill's workflow includes paying USDC to external deposit addresses.
Assessment
This skill appears to do what it says: call an external Cabin API to search/book flights and provide a USDC deposit address on Base. Before installing or using it:

  1. Verify the external service (api.cabin.team, cabin.team, and the referenced GitHub repo) are legitimate — confirm ownership and reviews where possible.
  2. Understand that booking requires sharing passenger PII (names, birthdates, emails) with that external API — only send what you're comfortable sharing and check the service's privacy/legal terms.
  3. Never send large amounts of USDC to a deposit address without independently verifying the booking and the address (phishing risk).
  4. The skill references node wallet scripts that are not included; if you enable wallet automation (evm-wallet or similar), restrict automatic payments and require explicit user confirmation before any transaction.
  5. If you need higher assurance, ask the publisher for the missing node scripts or a public repo/manifest and confirm the smart-contract token address and payment flow off-platform before transacting.

Overall: coherent and expected functionality, but treat crypto payments and PII with caution.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

✈️ Clawdis
Bins: node
latest: vk977d498b7n5jfk7g4k4gn1vv180p2fh
1.4k downloads
0 stars
1 version
Updated 18h ago
v1.0.0
MIT-0

Cabin — Flight Search & Booking with USDC

Search real flights across 500+ airlines and book with USDC on Base.

API Base URL

https://api.cabin.team

Endpoints

Search Flights

When the user wants to find flights:

curl -X POST https://api.cabin.team/v1/search \
  -H "Content-Type: application/json" \
  -d '{
    "from": "HAN",
    "to": "ATH",
    "date": "2026-03-15",
    "return_date": "2026-03-22",
    "adults": 1,
    "class": "ECONOMY",
    "currency": "USD",
    "max_results": 5
  }'

Parameters:

  • from (required): Origin IATA airport code
  • to (required): Destination IATA airport code
  • date (required): Departure date (YYYY-MM-DD)
  • return_date (optional): Return date for round-trip
  • adults (optional, default 1): Number of passengers
  • class (optional): ECONOMY, PREMIUM_ECONOMY, BUSINESS, FIRST
  • currency (optional, default USD): Currency for prices
  • max_results (optional, default 10): Maximum results

Response includes:

  • results[] — Array of flight offers with prices, airlines, times, stops
  • image_url — URL to a rendered PNG comparison image of results
  • search_id — ID to reference when booking

Presenting results to users:

  • Show the rendered image (fetch from image_url) for visual comparison
  • Use structured data for specific questions ("which is cheapest?", "any direct flights?")
  • Always show price in both USD and USDC equivalent

Book a Flight

When the user wants to book:

curl -X POST https://api.cabin.team/v1/book \
  -H "Content-Type: application/json" \
  -d '{
    "offer_id": "offer_1",
    "search_id": "abc123",
    "passengers": [{
      "type": "adult",
      "given_name": "John",
      "family_name": "Doe",
      "email": "john@example.com",
      "born_on": "1990-01-15",
      "gender": "m"
    }]
  }'

Required passenger info:

  • given_name, family_name
  • email
  • born_on (YYYY-MM-DD)
  • gender (m/f)

Response includes:

  • booking_id — Cabin booking reference (CBN-YYYY-XXXX)
  • amount_usdc — Amount to pay in USDC
  • payment.deposit_address — USDC deposit address on Base
  • payment.checkout_url — Payment page URL to share with user

USDC Payment Flow

After booking, the user needs to pay in USDC on Base:

  1. Show the user the amount_usdc and payment.checkout_url
  2. User can either:
     a. Send USDC directly to payment.deposit_address on Base
     b. Visit checkout_url for a guided payment experience
  3. After payment, booking is confirmed automatically

If the agent has wallet capabilities (e.g., evm-wallet skill):

# Check USDC balance on Base
node src/balance.js base --json

# Send USDC to deposit address
node src/send.js base USDC <deposit_address> <amount_usdc> --yes --json
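
A pre-payment guard for the flow above, added here as an example and not part of the Cabin skill or its wallet scripts: it checks a /v1/book response against the quote the user saw and requires confirmation of the exact address and amount before any send. The policy limits, the allowed checkout hosts, the booking_id character set and the quote/confirmation object shapes are assumptions; the USDC token address is the one this page lists for Base.

```javascript
"use strict";
// Added example (not Cabin's code): checks to run on a /v1/book response
// before any wallet skill is allowed to send USDC.
const USDC_BASE = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"; // token contract from the page
const ZERO_ADDR = "0x" + "0".repeat(40);
const ALLOWED_HOSTS = new Set(["cabin.team", "api.cabin.team"]); // assumption: checkout lives here
const POLICY = { maxUsdc: 1500, tolerance: 0.02 }; // assumption: local limits

function reviewBooking(resp, quote) {
  const problems = [];
  const pay = (resp && resp.payment) || {};
  // booking_id format per the page: CBN-YYYY-XXXX (the X character set is an assumption)
  if (!/^CBN-\d{4}-[A-Z0-9]{4}$/.test(String(resp && resp.booking_id)))
    problems.push("booking_id format");
  const addr = String(pay.deposit_address || "");
  if (!/^0x[0-9a-fA-F]{40}$/.test(addr)) problems.push("deposit_address format");
  else if (addr.toLowerCase() === USDC_BASE.toLowerCase() || addr === ZERO_ADDR)
    problems.push("deposit_address is token contract or zero address");
  // Total must match what the user was quoted: per-person price x passengers.
  const amount = Number(resp && resp.amount_usdc);
  const expected = quote.perPersonUsdc * quote.passengers;
  if (!Number.isFinite(amount) || amount <= 0) problems.push("amount_usdc invalid");
  else {
    if (amount > POLICY.maxUsdc) problems.push("amount exceeds policy cap");
    if (amount > expected * (1 + POLICY.tolerance)) problems.push("amount exceeds quote");
  }
  try {
    const u = new URL(pay.checkout_url);
    if (u.protocol !== "https:" || !ALLOWED_HOSTS.has(u.hostname))
      problems.push("checkout_url host/protocol");
  } catch { problems.push("checkout_url unparsable"); }
  return problems;
}

// Payment is authorized only when every check passes AND the user has
// confirmed this exact address and amount (never pass --yes unprompted).
function authorizePayment(resp, quote, confirmation) {
  const problems = reviewBooking(resp, quote);
  const pay = (resp && resp.payment) || {};
  const confirmed = !!confirmation &&
    confirmation.address === pay.deposit_address &&
    Number(confirmation.amount) === Number(resp && resp.amount_usdc);
  if (!confirmed) problems.push("no explicit user confirmation");
  return { ok: problems.length === 0, problems };
}
```

An agent would run the send command only when authorizePayment returns ok: true, and show the problems list to the user otherwise.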

Check Booking Status

curl https://api.cabin.team/v1/booking/CBN-2026-XXXX

Statuses: awaiting_payment → confirmed → checked_in

Get Confirmation Page

https://api.cabin.team/v1/booking/CBN-2026-XXXX/confirmation

Share this URL with the user after payment confirmation.

Get Check-in Page

https://api.cabin.team/v1/booking/CBN-2026-XXXX/checkin

Share when it's time to check in for the flight.

Common IATA Codes

Code  City
HAN   Hanoi
BKK   Bangkok
SIN   Singapore
NRT   Tokyo Narita
HND   Tokyo Haneda
ICN   Seoul
LHR   London
CDG   Paris
FCO   Rome
ATH   Athens
JFK   New York
LAX   Los Angeles
SFO   San Francisco
DXB   Dubai
IST   Istanbul

Workflow Examples

Simple one-way search

User: "Find me a flight from Bangkok to Tokyo next Friday"

  1. Parse: from=BKK, to=NRT (or HND), date=next Friday
  2. Call POST /v1/search
  3. Show image_url to user
  4. Present top 3-5 options with prices

Round-trip booking

User: "Book the cheapest round-trip from London to Barcelona, March 15-22"

  1. Search: from=LHR, to=BCN, date=2026-03-15, return_date=2026-03-22
  2. Present options
  3. User picks one → collect passenger details
  4. POST /v1/book with passenger info
  5. Share payment URL → user pays in USDC
  6. Confirm booking → share confirmation page

Multi-passenger

User: "We need flights for 3 people, Seoul to Bali, April 1-10"

  1. Search with adults=3
  2. Prices shown are per-person
  3. When booking, collect details for all 3 passengers
  4. Total USDC amount = per-person × 3

Error Handling

  • No results: Try nearby airports or different dates
  • Booking expired: Search results expire after 30 minutes; search again
  • Payment timeout: Bookings expire 1 hour after creation if unpaid
  • Invalid airport code: Suggest the correct IATA code

USDC on Base

  • Chain: Base (Ethereum L2)
  • Token: USDC (0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913)
  • Gas fees: ~$0.01 per transaction
  • Confirmation: ~2 seconds
