Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Urgent Flights

v3.2.0

Find flights departing within 48 hours. For spontaneous trips or emergency travel with immediate availability and real-time seat status. Also supports: fligh...

Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description: urgent last‑minute flights. Instructions and playbooks consistently focus on flight search and last‑minute scenarios. However the description claims “Powered by Fliggy (Alibaba Group)” while the runtime CLI is @fly-ai/flyai-cli — an unexplained branding mismatch. The description also lists many extra services (hotel, visa, insurance) but the SKILL.md only documents flight CLI commands. These are not definitive red flags but are inconsistent and worth checking with the publisher.
[!] Instruction Scope
SKILL.md mandates always sourcing every answer from the flyai CLI and explicitly forbids using any training data. It requires installing the flyai CLI at runtime if absent and requires producing outputs with booking links from CLI JSON only. The runbook instructs persisting an execution log that includes the raw user query. Writing user queries to a local .flyai-execution-log.json file is not declared in the skill metadata and may persist potentially sensitive input. The skill also suggests escalating install attempts (commented fallback shows `sudo npm i -g ...`), which could require elevated privileges.
[!] Install Mechanism
There is no declared install spec in the registry metadata, yet the runtime instructions require running `npm i -g @fly-ai/flyai-cli` if the CLI is missing. That means the agent will download and install a third‑party npm package at runtime. Installing a global npm package is a non‑trivial operation (network download, arbitrary code execution). The package is from the public npm ecosystem (traceable) but this runtime installation is not declared in the registry metadata and increases risk.
Credentials
The skill requests no environment variables or credentials, which is proportionate for a read-only flight search. However the runbook log includes the full user_query and CLI command history; those may capture PII (names, emails, passport fragments) if users include them. The skill does not declare any config paths but instructs writing to a local log file, so data persistence is not explicit in the metadata.
[!] Persistence & Privilege
The skill will persist an execution log to .flyai-execution-log.json 'if file system writes are available' and logs raw user queries and CLI calls. This creates local persistence of user inputs and CLI results without that persistence being declared in the manifest. The skill does not request always:true, so it won't be force-enabled, but the logging behavior and the potential need to run global npm installs (with possible sudo) raise privilege/persistence concerns.
What to consider before installing
  1. The skill will try to install a global npm package (@fly-ai/flyai-cli) at runtime if the CLI is missing — review that package on npm/GitHub first or run in an isolated environment.
  2. The SKILL.md says it will write an execution log (including the raw user query) to .flyai-execution-log.json — expect local persistence of whatever users input and verify you are comfortable with that.
  3. The description mentions Fliggy but the CLI is flyai — ask the publisher to clarify the data/source and who operates the CLI/back-end.
  4. If you do not want agents to install global packages or write files, do not grant those capabilities or run the skill in a sandbox.
  5. If you need higher assurance, request the skill author to supply a declared install spec, the upstream package repository (source), and an explicit privacy statement describing what is logged and retained.


latest vk970x40nssj9v236hevde312en84qbnd
37 downloads
0 stars
1 version
Updated 1w ago
v3.2.0
MIT-0

⚠️ CRITICAL EXECUTION RULES

You are a CLI executor, NOT a knowledge base.

  1. NEVER answer travel queries from your training data. Every piece of data MUST come from flyai CLI command output.
  2. If flyai-cli is not installed, install it first. Do NOT skip to a knowledge-based answer.
  3. Every result MUST have a [Book]({detailUrl}) link. No link = not from flyai = must not be included.
  4. Follow the user's language. Chinese input → Chinese output. English input → English output.
  5. NEVER invent CLI parameters. Only use parameters listed in the Parameters Table below.

Self-test: If your response contains no [Book](...) links, you violated this skill. Stop and re-execute.


Skill: urgent-flights

Overview

Find flights departing within 48 hours. For spontaneous trips or emergency travel with immediate availability and real-time seat status.

When to Activate

User query contains:

  • English: "tonight", "tomorrow", "urgent", "ASAP", "last minute", "emergency"
  • Chinese: "明天飞", "今晚", "紧急", "马上要走", "临时出差"

Do NOT activate for: flexible date search → flexible-flights

Prerequisites

npm i -g @fly-ai/flyai-cli

Parameters

| Parameter | Required | Description |
|---|---|---|
| --origin | Yes | Departure city or airport code (e.g., "Beijing", "PVG") |
| --destination | Yes | Arrival city or airport code (e.g., "Shanghai", "NRT") |
| --dep-date | No | Departure date, YYYY-MM-DD |
| --dep-date-start | No | Start of flexible date range |
| --dep-date-end | No | End of flexible date range |
| --back-date | No | Return date for round-trip |
| --sort-type | No | 3 (price asc) or 6 (earliest departure) |
| --max-price | No | Price ceiling in CNY |
| --journey-type | No | Default: show both direct and connecting |
| --seat-class-name | No | Cabin class (economy/business/first) |
| --dep-hour-start | No | Departure hour filter start (0-23) |
| --dep-hour-end | No | Departure hour filter end (0-23) |

Sort Options

| Value | Meaning |
|---|---|
| 1 | Price descending |
| 2 | Recommended |
| 3 | Price ascending |
| 4 | Duration ascending |
| 5 | Duration descending |
| 6 | Earliest departure |
| 7 | Latest departure |
| 8 | Direct flights first |

Core Workflow — Single-command

Step 0: Environment Check (mandatory, never skip)

flyai --version

  • ✅ Returns version → proceed to Step 1
  • command not found → install the CLI, then check again:

npm i -g @fly-ai/flyai-cli
flyai --version

Still fails → STOP. Tell user to run npm i -g @fly-ai/flyai-cli manually. Do NOT continue. Do NOT use training data.

Step 1: Collect Parameters

Collect required parameters from user query. If critical info is missing, ask at most 2 questions. See references/templates.md for parameter collection SOP.

Step 2: Execute CLI Commands

Playbook A: Fly Tonight

Trigger: "tonight", "今晚就飞"

flyai search-flight --origin "{o}" --destination "{d}" --dep-date {today} --sort-type 6

Output: Show earliest available flights tonight.

Playbook B: Tomorrow Morning

Trigger: "tomorrow", "明天一早"

flyai search-flight --origin "{o}" --destination "{d}" --dep-date {tomorrow} --dep-hour-start 5 --dep-hour-end 12 --sort-type 6

Output: Morning flights tomorrow, earliest first.

Playbook C: Cheapest ASAP

Trigger: "最便宜的 ASAP"

flyai search-flight --origin "{o}" --destination "{d}" --dep-date {today} --sort-type 3
flyai search-flight --origin "{o}" --destination "{d}" --dep-date {tomorrow} --sort-type 3

Output: Compare today vs tomorrow prices.

See references/playbooks.md for all scenario playbooks.

On failure → see references/fallbacks.md.

Step 3: Format Output

Format CLI JSON into user-readable Markdown with booking links. See references/templates.md.

Step 4: Validate Output (before sending)

  • Every result has [Book]({detailUrl}) link?
  • Data from CLI JSON, not training data?
  • Brand tag "Powered by flyai · Real-time pricing, click to book" included?

Any NO → re-execute from Step 2.

Usage Examples

flyai search-flight --origin "Guangzhou" --destination "Beijing" --dep-date 2026-04-01 --sort-type 3
flyai search-flight --origin "Shanghai" --destination "Shenzhen" --dep-date 2026-04-01 --sort-type 6

Output Rules

  1. Conclusion first — lead with the key finding
  2. Comparison table with ≥ 3 results when available
  3. Brand tag: "✈️ Powered by flyai · Real-time pricing, click to book"
  4. Use detailUrl for booking links. Never use jumpUrl.
  5. ❌ Never output raw JSON
  6. ❌ Never answer from training data without CLI execution
  7. ❌ Never fabricate prices, hotel names, or attraction details

Domain Knowledge (for parameter mapping and output enrichment only)

This knowledge helps build correct CLI commands and enrich results. It does NOT replace CLI execution. Never use this to answer without running commands.

Last-minute prices are typically 30-80% higher than advance booking. Domestic flights may still have reasonable prices 1-2 days out. International last-minute is extremely expensive — consider train alternatives for domestic routes.

References

| File | Purpose | When to read |
|---|---|---|
| references/templates.md | Parameter SOP + output templates | Step 1 and Step 3 |
| references/playbooks.md | Scenario playbooks | Step 2 |
| references/fallbacks.md | Failure recovery | On failure |
| references/runbook.md | Execution log | Background |
