Skill v1.1.1
ClawScan security
flights · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 4, 2026, 2:55 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally consistent for searching flights but instructs the agent to send user trip data to an external, unverified API endpoint without authentication or privacy guarantees; this is coherent with its purpose but raises data-exfiltration and third-party trust concerns.
- Guidance: This skill appears to do what it says (flight searches) but will send users' trip details (dates, origins/destinations, passenger counts) to https://skill.flight.51smart.com. Before installing or enabling it, verify the operator/service (51smart) and their privacy policy/data retention practices. Consider asking users for explicit consent before sending personally identifiable travel info, test with non-sensitive queries, and avoid using the skill for queries containing real passenger names, payment info, or other sensitive data. If you need stronger guarantees, prefer skills that use well-known, audited APIs or that document authentication and data-handling practices.
Review Dimensions
- Purpose & Capability: ok. Name, description, and instructions align: the skill parses flight queries, converts cities to IATA codes, aggregates price-calendar queries, and POSTs to a flight-search API. There are no unrelated binaries, installs, or credentials requested.
- Instruction Scope: note. SKILL.md explicitly instructs the agent to POST user-provided origin/destination/dates/passenger info to https://skill.flight.51smart.com/api/search. It does not read local files or extra env vars, but it does transmit user PII (travel dates, passenger counts, city choices) to a third-party endpoint without authentication or stated data-retention/privacy terms, a privacy and trust risk worth noting.
- Install Mechanism: ok. Instruction-only skill with no install steps and no code files; nothing is written to disk or installed locally.
- Credentials: ok. Requires no environment variables, credentials, or config paths; the requested privileges are minimal and proportionate to the stated functionality.
- Persistence & Privilege: ok. "always" is false and the skill is user-invocable; it does not request permanent inclusion or elevated agent-wide privileges.
