Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Flyclaw Bak

v1.0.0

Multi-source flight aggregation — tickets, nonstop, round-trip, cabin. Flight tickets / zero login / zero API, zero login, zero account, zero API key. Pure Python, no browser. 机票价格/航...

by @qizha · fork of @ai4mse/flyclaw (0.4.1)
License: MIT-0
Security Scan
Capability signals
Crypto: Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description claim 'zero API key / zero login' and 'no account required', but config and README contain fields for serpapi_key, fliggy_mcp api_key and sign_secret with comments like 'leave blank uses built-in default key'. This suggests the code may include or use default credentials for upstream services. That capability (including embedded or unknown credentials) is not justified by the 'zero API key' marketing claim and is disproportionate without explanation.
Instruction Scope
SKILL.md and the READMEs are focused on flight queries, JSON output, and usage examples; the instructions do not ask the agent to read unrelated system files or secrets. The tool supports updating airports from arbitrary URLs (update-airports --url), which is a normal feature but can download and overwrite local caches if misused. No explicit instructions to access environment variables are present.
Install Mechanism
The registry metadata lists 'No install spec — this is an instruction-only skill', but the package contains many Python source files (including large caches). That mismatch is an incoherence: code will have to be placed and run on the host, but there is no declared install step. Dependencies are standard Python libraries (requests, pyyaml, curl_cffi, flights); no remote binary downloads were detected in the metadata.
Credentials
The skill declares no required environment variables, which is good, but config.yaml exposes optional fields for third-party credentials (serpapi_key, fliggy_mcp api_key and sign_secret) and explicitly says 'leave blank uses built-in default key', meaning credentials or secrets may be embedded in the code or used by default. That raises proportionality and provenance questions: why include default keys, who owns them, and could queries be routed through an account outside the user's control?
Persistence & Privilege
No special persistence privileges are requested (always: false). The skill does maintain local caches (cache/airports.json) and supports updating them; according to the provided metadata it does not request to modify other skills or system-wide agent settings.
What to consider before installing
This skill appears to implement a legitimate multi-source flight aggregator, but there are two things to check before installing:

1) Embedded/default credentials: config.yaml and README include comments such as 'api_key: "" # Leave blank uses built-in default key' and 'sign_secret: "" # Leave blank uses built-in default secret'. That implies the package may contain baked-in credentials or rely on a third party's account. Inspect the source files (especially any 'sources/*' modules) for hardcoded API keys, secrets, or opaque relay endpoints. If keys are present, ask the author who owns them and whether queries will be billed or rate-limited through a remote account.

2) Origin and install: the package contains many source files and large cache files, but the registry entry has no install spec. Prefer installing from the upstream GitHub repo (https://github.com/AI4MSE/FlyClaw) or reviewing the exact files you will run. Run it in an isolated environment (container or dedicated VM) the first time, and monitor outgoing network connections to understand which external services the skill contacts (Fliggy, Google Flights/fli, Skiplagged, FR24, ADSB providers).

Other practical advice: if you are uncomfortable with unknown built-in keys, set any api_key/sign_secret/serpapi_key fields to empty and disable features that require them (or replace them with your own credentials). Consider reducing the surface area by disabling 'route_relay' or unneeded sources in config.yaml. If you need higher assurance, ask the maintainer for a signed release or scan the source for hardcoded secrets and remote endpoints.


latest · vk9791b3ehhf3jme7brkfw00amn84h5h7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
