Luxury Hotel

This skill appears to be a hotel-search wrapper around an external CLI, but it has several red flags you should consider before installing or enabling it: - Installation: The skill expects to run `npm i -g @fly-ai/flyai-cli` (a global npm install). Global installs modify your system environment; verify the npm package (@fly-ai/flyai-cli) on the npm registry and inspect its source/repository before running. - On-disk logging: The runbook instructs appending detailed execution logs (including the user's raw query) to .flyai-execution-log.json if filesystem writes are possible. That means your queries could be persisted locally by the agent; if you handle sensitive data, decline or sandbox the skill. - Incoherent instructions: The SKILL.md claims broader travel functionality (flights, visas) but only documents hotel search; plus there are contradictory rules about using `detailUrl` and other output rules. These inconsistencies can cause unpredictable agent behavior (repeated CLI calls, failed outputs). - Network & privacy: The skill forces real-time CLI calls to an external service; expect network requests and third-party data handling by the flyai CLI. Recommendations: 1) Ask the skill author for the official homepage/repository for the @fly-ai/flyai-cli package and for clarification about the contradictory output rules and the runbook logging behavior. 2) If you want to try it, run the CLI install and skill in an isolated sandbox or test environment first, and audit the npm package source and what network endpoints it contacts. 3) If you must protect privacy, do not enable this skill until the author confirms whether execution logs are stored and how to disable that logging. Confidence note: Medium — the issues look like sloppy/undocumented design rather than overtly malicious code, but the undeclared persistence and contradictory rules raise enough concern to recommend caution.