Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Winter Snow Travel
v3.2.0Plan winter wonderland trips — fresh powder ski resorts, Harbin ice festival, snow village stays, hot springs in the snow, and aurora viewing opportunities....
⭐ 0· 40·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The description claims bookings are "powered by Fliggy (Alibaba Group)", but every runtime instruction references a different CLI package (@fly-ai/flyai-cli / flyai). No credentials or API keys for Fliggy are requested, and there is no explanation for how flyai relates to Fliggy. This mismatch between stated backend and the actual required tooling is incoherent.
Instruction Scope
The SKILL.md mandates installing and using the flyai CLI, forbids using training data, and requires all answers to come from flyai CLI output. It also references several local reference files (references/*.md) that are not present in the package and contains ambiguous non-CLI lines (e.g., "Flight to HRB + hotel + ...") instead of explicit commands. The instructions also enforce a strict re-execute loop if outputs lack a specific link format, which could cause repeated network/install attempts.
Install Mechanism
The registry contains no install spec, yet the runtime instructions require running 'npm i -g @fly-ai/flyai-cli' if flyai isn't found. Asking the agent to perform a global npm install at runtime is a non-declared, potentially privileged installation step (network download and system modification) and should have been declared by the skill metadata or vetted. The npm package source is plausible but not verified here.
Credentials
No environment variables or credentials are requested, which superficially reduces risk — but booking-capable skills typically require API keys or accounts. The absence of declared credentials or any guidance on authentication is notable and unexplained given the booking/real-time-pricing claims.
Persistence & Privilege
The skill does not request 'always: true' or other elevated platform privileges. However, its runtime behavior requires installing a global CLI tool (npm i -g), which is a system-level action that can persist on the host. Autonomous invocation combined with the install instruction increases the practical blast radius if the CLI is untrusted.
What to consider before installing
This skill intends to act as a wrapper around a third-party CLI, but there are several red flags: (1) the description says "powered by Fliggy" while the instructions require a different package (flyai). Ask the publisher to clarify the backend and show how authentication works. (2) The skill instructs a global npm install at runtime — review the @fly-ai/flyai-cli npm package (publisher, source code, recent versions, and permissions) before allowing installation. (3) References templates/playbooks/fallback files referenced in SKILL.md are missing from the package — request those files or clearer, executable command examples. (4) Because the skill enforces re-running commands until particular link formats appear, it could trigger repeated network/install activity; consider restricting or sandboxing such behavior. If you plan to use it: verify the CLI package on npm/GitHub, confirm the Fliggy integration and required credentials, and avoid running a global install on a sensitive system until you trust the package. If you cannot verify these, do not install or enable the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk97chknwr0r9t80g7112kb9c3584m9hn
License
MIT-0
Free to use, modify, and redistribute. No attribution required.