Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Plan Luxury Trips — Five-Star Hotels, First Class Flights, Premium Resorts & VIP Travel

v3.2.0

Design premium luxury travel experiences — first class flights, 5-star resorts, private tours, Michelin dining, and VIP access to exclusive venues. Also supp...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious (View report →)
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's need for a live travel CLI (flyai) is consistent with its claimed function of returning real-time pricing and booking links. However, the registry metadata includes no homepage, no declared install spec, and no provenance for the @fly-ai/flyai-cli package. The SKILL.md itself instructs the agent to install that CLI, which makes it an undeclared, out-of-band dependency.
Instruction Scope
Runtime instructions mandate always sourcing results from the flyai CLI, require installing @fly-ai/flyai-cli if it is missing, and require generating outputs that contain booking links. The runbook also instructs logging the full 'user_query' and every CLI command, and suggests writing a .flyai-execution-log.json file when filesystem writes are available. Persisting raw queries and command lines can capture sensitive user data. The SKILL.md calls these logs 'internal' while also supplying the command that writes them to disk, which is contradictory.
Install Mechanism
There is no declared install spec in the registry, yet SKILL.md instructs the agent to run 'npm i -g @fly-ai/flyai-cli' at runtime. A global npm install of an unverified package is moderate-to-high risk: npm lifecycle scripts (preinstall, install, postinstall) run arbitrary code at install time, and with no stated publisher, version, or checksum there is nothing to pin the package to a reviewed artifact (supply-chain risk). The package origin and publisher reputation are not provided.
Credentials
The skill declares no required environment variables or credentials, which superficially reduces risk. However, the flyai CLI (not documented here) may require API keys or user authentication at runtime; those credential requests are not declared in the skill metadata. If such data is captured, the runbook's logging could also record tokens or user input.
Persistence & Privilege
The skill does not request 'always: true' or other platform-wide privileges, which is good. But it instructs a global npm install (modifying the host) and suggests appending execution logs to a dotfile in the working directory. Both create persistent artifacts on the host and increase the blast radius if the CLI or the logs expose secrets.
What to consider before installing
Before installing or using this skill:
1) Verify the @fly-ai/flyai-cli package on the public npm registry and confirm the publisher and recent activity; do not run a global npm install of an unknown package without reviewing it first.
2) Ask the skill author for a homepage, package repository, and a version plus checksum so the CLI can be validated against a known artifact.
3) Be aware the skill may write .flyai-execution-log.json containing your raw queries and CLI commands; avoid sending sensitive personal or payment data unless you trust the CLI.
4) Prefer testing the CLI in an isolated environment (container or VM) first.
5) If you cannot verify the CLI or do not want persistent logs, do not install the package; instead request a version of the skill that uses a documented, audited API or a declared install spec.
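The two gaps the Install Mechanism finding and the checklist above point at (install-time scripts and a missing checksum) can be checked before anything is installed. The script below is an added example, not part of the ClawHub scan or of the skill: it reads a package.json for npm lifecycle hooks and verifies a tarball against an integrity string in the `sha512-<base64>` form the npm registry publishes. The manifest and tarball bytes are constructed sample data and the package name `example-cli` is hypothetical; nothing here describes the real contents of @fly-ai/flyai-cli.

```python
"""Pre-install audit for an npm package that a skill runbook asks the agent to install.

Added example (not ClawHub's or the skill's code). The package.json and tarball
below are constructed sample data, not the real @fly-ai/flyai-cli.
"""
import base64
import hashlib
import json

# Hooks npm runs during `npm i -g <pkg>` (preinstall/install/postinstall) or when
# installing from a git source (prepare). Each one is arbitrary code on the host.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def lifecycle_scripts(package_json_text):
    """Return {hook: command} for every install-time hook declared in package.json."""
    manifest = json.loads(package_json_text)
    scripts = manifest.get("scripts") or {}
    return {hook: scripts[hook] for hook in LIFECYCLE_HOOKS if hook in scripts}


def ssri_sha512(data):
    """Subresource-integrity string in the form the registry publishes as dist.integrity."""
    digest = hashlib.sha512(data).digest()
    return "sha512-" + base64.b64encode(digest).decode("ascii")


def integrity_matches(data, expected):
    """True when the downloaded tarball hashes to the advertised 'sha512-...' value."""
    return ssri_sha512(data) == expected


def audit(package_json_text, tarball_bytes, expected_integrity):
    """Combine both checks: a checksum mismatch blocks, install hooks need human review."""
    hooks = lifecycle_scripts(package_json_text)
    checksum_ok = integrity_matches(tarball_bytes, expected_integrity)
    if not checksum_ok:
        verdict = "block"
    elif hooks:
        verdict = "review_scripts"
    else:
        verdict = "ok"
    return {"lifecycle_scripts": hooks, "checksum_ok": checksum_ok, "verdict": verdict}


# Constructed sample manifest (hypothetical package; not the real CLI's contents).
SAMPLE_PACKAGE_JSON = json.dumps({
    "name": "example-cli",
    "version": "0.0.1",
    "bin": {"example": "bin/cli.js"},
    "scripts": {"test": "node test.js", "postinstall": "node scripts/setup.js"},
})

# Constructed stand-in for the bytes of a downloaded .tgz.
SAMPLE_TARBALL = b"\x1f\x8b\x08\x00constructed-tarball-bytes"
# The value a registry would advertise; here derived from the sample itself so the
# example runs offline. In practice this comes from `npm view <pkg> dist.integrity`.
SAMPLE_INTEGRITY = ssri_sha512(SAMPLE_TARBALL)


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_PACKAGE_JSON, SAMPLE_TARBALL, SAMPLE_INTEGRITY), indent=2))
    # A tampered tarball fails the checksum even though the manifest is unchanged.
    print(audit(SAMPLE_PACKAGE_JSON, SAMPLE_TARBALL + b"x", SAMPLE_INTEGRITY)["verdict"])
```

To feed it real data, `npm view @fly-ai/flyai-cli dist.integrity dist.tarball maintainers time` shows the advertised checksum, tarball URL, publishers and publish dates, and `npm pack @fly-ai/flyai-cli` downloads the .tgz into the current directory without installing it, so package.json can be extracted and read. If the audit returns `review_scripts`, read the hook scripts before installing, or install with `npm install --ignore-scripts` and run them only once reviewed.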

Like a lobster shell, security has layers — review code before you run it.

latest: vk97b0z848acsk7p0tatn7v5wh184s48q
