Skiplagged Flights
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: skiplagged-flights Version: 1.0.1 The skill is designed to query Skiplagged's public API for flight searches using the `mcporter` CLI tool. All instructions in `SKILL.md` are aligned with this stated purpose, detailing how to use `mcporter` with a specific, public API endpoint (`https://mcp.skiplagged.com/mcp`). The skill declares `mcporter` as a required binary and provides standard installation instructions. There is no evidence of data exfiltration, malicious execution (beyond the intended API calls), persistence mechanisms, obfuscation, or prompt injection attempts against the agent to perform unauthorized actions. The instructions for response formatting are also benign and focused on user experience.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may require adding the mcporter CLI to your environment.
The skill depends on installing the mcporter Node package to provide the CLI used in all examples. This is aligned with the skill's MCP-calling purpose, but it is still a third-party executable dependency.
node | package: mcporter | creates binaries: mcporter
Install mcporter from a trusted package source and keep it updated; review the package if your environment has strict supply-chain requirements.
Your flight or travel search details, such as routes and dates, are sent to Skiplagged's public MCP service.
The skill communicates with an external MCP server and sends travel-search parameters there. This is clearly disclosed and central to the flight-search purpose.
Server URL: `https://mcp.skiplagged.com/mcp` ... Auth: none (public server)
Use the skill only for travel queries you are comfortable sharing with Skiplagged, and avoid entering unnecessary personal information.