Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Flight Baggage Check

v1.0.0

Check airline baggage compliance, carry-on vs checked rules, excess baggage, and the cheapest compliant packing plan. Use for questions about overweight lugg...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The skill's purpose (baggage compliance and cheapest packing plan) aligns with the instructions, but SKILL.md mandates calling other skills (flight-helper:baggage_rules, flight-helper:premium_cabin_info, and the 'flyai' skill) and using a browsing/screenshot capability. Those external dependencies are required by the instructions yet not declared in registry metadata (no required skills, env, or capabilities listed), which is incoherent and may lead to failures or unexpected behavior.
! Instruction Scope
Runtime instructions require: (1) calling other named skills for authoritative rules and price checks; (2) performing live web browsing and producing at least two official screenshots (airline baggage rules and special-items rules); (3) querying 'Manage Booking' and other pages that may require login. These actions go beyond a simple offline rules lookup and could lead the agent to access protected pages or prompt users for credentials. The SKILL.md also forces strict output formatting and mandatory screenshot evidence, which will push the agent to fetch and store external site content.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That reduces risk from arbitrary downloaded code or filesystem writes.
Credentials
No environment variables, credentials, or config paths are requested (which is good). However, the instructions explicitly require access to other skills and to possibly-authenticated airline pages (Manage Booking). The skill does not declare or request credentials or clarify how to handle pages behind login, creating a proportionality gap: it asks for data that may only be available with user credentials but doesn't request or constrain how those credentials should be provided.
Persistence & Privilege
The skill does not request always: true and has no install-time persistence. It does not modify other skills' configs per the provided metadata.
What to consider before installing
Before installing or enabling this skill, be aware that:
(1) the SKILL.md requires the agent to call other internal skills (flight-helper and flyai) and to fetch official webpages and screenshots, but the skill does not declare those dependencies—confirm your agent actually has those companion skills available;
(2) the skill forces the agent to capture official screenshots and to consult 'Manage Booking' pages, which may trigger attempts to access pages behind logins — never paste airline account credentials into an untrusted skill;
(3) because there is no code, the risk is from web access and cross-skill calls rather than downloaded binaries, but those calls can still expose personal booking data;
(4) if you choose to use it, test with non-sensitive examples first, and require the agent to ask for explicit permission before attempting to log in to any account or access protected booking pages;
(5) ask the skill author to explicitly list required companion skills/capabilities and to document how authenticated pages should be handled (e.g., 'do not attempt login; ask user to provide screenshots or booking info').

Like a lobster shell, security has layers — review code before you run it.
