Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
airport-transit-hotel
v1.0.0
Find hotels near airports for layovers, early morning flights, or late-night arrivals. Sorted by distance to terminal with shuttle info. Also supports: fligh...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The skill's name/description match its instructions: it is explicitly a wrapper for the flyai CLI and all runtime steps call that CLI. However, the registry metadata contains no install spec while the SKILL.md mandates installing @fly-ai/flyai-cli via npm if missing — a minor mismatch but explainable (instruction-only skill relying on an external CLI).
Instruction Scope
The SKILL.md tightly constrains answers to data returned by the flyai CLI (it forbids using training data), which narrows scope. It also mandates re-running CLI calls until results include booking links and enforces specific output formatting. These are coherent with the described purpose but give the skill broad discretion to perform repeated network/API calls and to fail closed if the CLI isn't working.
Install Mechanism
There is no formal install spec in the registry, yet the instructions require running `npm i -g @fly-ai/flyai-cli` at runtime. Installing a global npm package is a networked code install with moderate risk — the skill does not provide checksums, pinned versions, or a vetted release URL. This increases exposure to supply‑chain/remote code risks.
Credentials
The skill declares no required environment variables or credentials, which is consistent with the metadata. However, the flyai CLI (not included) may require authentication or network access; that external dependency is not documented here. Absence of declared credentials is a potential omission worth confirming before use.
Persistence & Privilege
The runbook suggests persisting an execution log to .flyai-execution-log.json if filesystem writes are available. Writing logs that include raw user queries, commands, and potentially booking links introduces persistent local data that may be sensitive. Also, the self-test/retry policy (re-execute until Book links appear) can lead to repeated external calls and additional log entries.
What to consider before installing
This skill appears to be a wrapper around the third‑party flyai CLI and is internally consistent with that purpose, but please consider the following before installing or enabling it:
- Confirm the flyai CLI publisher and review its npm package page (author, versions, weekly downloads, repository, signature/checksum). Installing a global npm package executes remote code — only proceed if you trust the package.
- Check whether the flyai CLI requires API keys or account credentials. The skill does not declare any required env vars; if the CLI needs secrets, ensure you understand where they are stored and that they are not being logged or exposed.
- Expect the skill to perform network calls and to possibly re-run searches until results contain booking links; this may generate repeated traffic and logs.
- The runbook suggests appending a local log file (.flyai-execution-log.json) containing user queries and command details. If you care about privacy, either run the skill in a sandboxed environment, modify the skill to disable persistence, or confirm where logs are stored and who can read them.
- If you want to proceed, inspect the flyai CLI source (or vendor docs) and test the CLI manually (run `flyai --version` and a non-sensitive search) before allowing the agent to run it autonomously.
If you can provide the flyai CLI repository or package link, I can help review it (install script, network endpoints, and whether it requests credentials), which would increase confidence in the assessment.
