Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

historical-sites

v3.2.0

Explore ancient ruins, monuments, UNESCO World Heritage sites, and historical landmarks with detailed cultural context and visiting guides. Also supports: fl...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The skill description promises flights, hotels, train tickets, attraction tickets and more (powered by Fliggy/Alibaba), but the SKILL.md and playbooks only show flyai search-poi calls and parameters for POI searches. There are no CLI commands, parameters, or examples for booking flights/hotels/tickets or for payments. Requesting the user to install @fly-ai/flyai-cli is consistent with a flyai wrapper, but the broad set of advertised capabilities is not supported by the provided instructions and examples.
Instruction Scope
All runtime instructions force the agent to obtain every result from the flyai CLI and never from training data; they require installing the npm package globally if the CLI is absent. The runbook (references/runbook.md) suggests persisting an execution log to .flyai-execution-log.json if filesystem writes are available — this is not strictly necessary for serving POI search results and introduces local persistence of user queries/commands/results. The skill also enforces output formatting (booking links, brand tag), which biases responses toward bookings.
Install Mechanism
The skill itself has no install spec (instruction-only), but the runtime prerequisites require running npm i -g @fly-ai/flyai-cli. A global npm install is an action with nontrivial risk if the package origin or contents are unverified. The SKILL.md does not link to a verified release host or repository for the CLI; confirm the npm package and publisher before running a global install.
Credentials
The skill declares no required environment variables, credentials, or config paths. That aligns with a simple CLI wrapper. Note: the runbook's logging could capture and persist user queries (which may contain sensitive information) even though no secrets are requested.
Persistence & Privilege
always is false (good). However, the runbook explicitly includes a guideline to append an execution log to .flyai-execution-log.json if filesystem writes are available. That gives the skill potential to create persistent local artifacts (user_query, commands, CLI results). This is plausible for auditability but should be disclosed to users and controlled.
What to consider before installing
Before installing or running this skill:
1) Verify the origin of the skill and the @fly-ai/flyai-cli npm package (publisher, repository, and popularity/maintainer history).
2) Understand that the skill enforces use of the flyai CLI for all answers and will refuse to answer from training data if the CLI is unavailable.
3) Be aware the runbook suggests writing an execution log (.flyai-execution-log.json) that may include the raw user query and CLI output — avoid running in environments with sensitive data unless you review or sandbox the skill.
4) Note the mismatch between the advertised booking capabilities and the provided playbooks: if you need flights/hotels/ticket booking, ask the author for explicit booking commands or examples.
5) If you proceed, consider testing it in a restricted or ephemeral environment (container or VM) and review what the flyai CLI actually sends/receives and what gets written to disk.

Like a lobster shell, security has layers — review code before you run it.

Tags: booking, flyai, latest, travel
