airport-transit-hotel
PassAudited by ClawScan on May 10, 2026.
Overview
This looks like a coherent airport-hotel search helper, but it may install and run an external FlyAI npm tool and can keep a local log of your query.
This skill appears purpose-aligned for airport hotel searches. Before installing, be comfortable with installing/running the external @fly-ai/flyai-cli package and with your travel search details being used by that tool. If privacy matters, avoid entering sensitive itinerary details and remove .flyai-execution-log.json after use.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may cause the agent to fetch and install external code before answering travel questions.
The skill depends on an external npm CLI package installed globally at runtime. This is disclosed and central to the travel-search purpose, but unpinned global package installs carry supply-chain risk.
If flyai-cli is not installed, install it first. ... npm i -g @fly-ai/flyai-cli
Install @fly-ai/flyai-cli manually from a trusted source if possible, consider pinning a version, and approve the first-time install before use.
Your destination, dates, and hotel-search terms may be sent through the FlyAI CLI to retrieve real-time results.
The core workflow runs local CLI commands with user-provided travel parameters. The commands are purpose-aligned and parameterized, but users should understand that the agent will execute them.
flyai search-hotel --dest-name "{city}" --key-words "机场" --sort distance_asc --check-in-date {in} --check-out-date {out}Use the skill only for queries you are comfortable sending to the travel provider, and review unusual command requests before allowing execution.
Your travel request could remain in a local dotfile after the task finishes.
The runbook describes a persistent local execution log that can include the raw user query. This is local and not shown as exfiltration, but it may retain travel details without a stated retention policy.
"user_query": "{raw input}" ... echo '{generation_log_json}' >> .flyai-execution-log.jsonAvoid including sensitive personal details in the query, and delete or disable .flyai-execution-log.json if you do not want local history retained.