Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Island Guide

v3.2.0

Find the best beaches and islands for swimming, snorkeling, surfing, and sunbathing. Includes water temperature, wave conditions, and nearby facilities. Also...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill advertises broad booking functionality (flights, hotels, tickets) and says it's “Powered by Fliggy (Alibaba Group)”, but the SKILL.md only shows search commands (search-poi, fliggy-fast-search) and declares no required credentials or auth flow. A booking-capable integration would normally require API keys/credentials or an explicit auth step; that is missing here, which is inconsistent with the claimed capabilities.
Instruction Scope
The runtime instructions mandate installing and using the flyai CLI and require that every answer be produced from flyai CLI output (never from training data). They also require embedding booking links and a brand tag, logging execution to a local file if one is available, and running a self-test loop (re-execute until a [Book](...) link appears). Those rules could force repeated network calls, disk writes, and global package installs at runtime; they broaden behavior well beyond a simple read-only lookup.
Install Mechanism
There is no registry-level install spec, but SKILL.md instructs agents to run `npm i -g @fly-ai/flyai-cli` if the CLI isn't present. That is a runtime global npm install (downloads code from the npm registry) without provenance checks or checksum verification. Installing arbitrary global npm packages on the user's system has nontrivial risk if the package or its registry presence is not verified.
Credentials
The skill requests no environment variables or credentials, yet it claims to perform bookings and to be powered by Fliggy — operations that typically require API credentials. The SKILL.md does not explain how authentication occurs (e.g., whether the flyai-cli handles credentials interactively or expects local config), creating an unclear/insufficient credential model.
Persistence & Privilege
`always` is false and the skill does not request elevated privileges. However, the runbook suggests appending execution logs to `.flyai-execution-log.json` if filesystem writes are available, and the runtime may install a global npm package. These are persisting actions (disk writes and installed binaries) even though the skill doesn't ask for special agent privileges.
What to consider before installing
Before installing or allowing this skill to run, verify the provenance of the flyai CLI and the claimed Fliggy integration: (1) Check the npm package @fly-ai/flyai-cli on the npm registry (maintainer, download counts, repo link) and review its source; (2) Ask the skill author how authentication for bookings/Fliggy is handled and why no credentials are declared; (3) If you must test, avoid letting the agent run a global `npm i -g` automatically — install the CLI yourself in a sandbox or review it first; (4) Be aware the skill will write an execution log file (.flyai-execution-log.json) and may make repeated remote calls until it finds booking links; (5) If you don't trust the package or cannot confirm the auth flow, do not grant the skill permission to install or run the CLI.

