Ancient Inn
v3.2.0Find traditional inns inside ancient towns and water villages — courtyard houses, wooden architecture, lantern-lit alleys, and old-world charm. Also supports...
⭐ 0· 88·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the runtime instructions: the skill is a CLI-driven finder for inns and related bookings. One small mismatch: the description lists many travel services (flights, visas, insurance) but the SKILL.md's concrete commands only cover POI and hotel searches (hotel/inn bookings). This is likely just scope breadth in prose rather than functional inconsistency.
Instruction Scope
The instructions are narrowly scoped to running the flyai CLI and formatting its JSON output. They explicitly forbid using training data and require every result to come from flyai outputs. The runbook does instruct the agent to persist an execution log (.flyai-execution-log.json) containing raw user queries and CLI calls — this creates local data persistence and should be understood by the user.
Install Mechanism
There is no formal install spec in the registry; instead the SKILL.md tells the agent to run 'npm i -g @fly-ai/flyai-cli' at runtime if the CLI is missing. Installing a global npm package at runtime can execute arbitrary code from the npm registry. This is coherent with the skill's purpose (it needs a CLI) but constitutes a real risk unless you validate the package's source and integrity.
Credentials
The skill requests no environment variables or external credentials and does not demand unrelated system paths. The main privacy/IO concern is local log persistence of user queries and CLI results; otherwise requested access is proportional to the task.
Persistence & Privilege
always:false and normal autonomous invocation are used (no elevated privileges). The skill's runbook asks to append logs to a local file if filesystem writes are available which is a modest persistence action but limited to its own log file; it does not request to alter other skills or system-wide settings.
Assessment
This skill is coherent: it relies on a third-party CLI ( @fly-ai/flyai-cli ) to return live hotel/inn data and enforces that results originate from that CLI. Before installing or allowing the agent to run it, verify the CLI package provenance (check the package on npmjs.org and its repository, review maintainers, release history, and permissions). Prefer running the CLI installation in an isolated environment (container/VM) or install the CLI yourself rather than letting the agent run npm -g. Be aware the skill will log queries and CLI calls to a local .flyai-execution-log.json file — if that concerns you for privacy, limit filesystem write permissions or ask the agent not to persist logs. Finally, if you expect flight/train/visa workflows, confirm the CLI actually exposes those commands (the SKILL.md mainly documents hotel/POI commands).Like a lobster shell, security has layers — review code before you run it.
latestvk97cze4wn0n0bvkqeem7khn3rx84k912
License
MIT-0
Free to use, modify, and redistribute. No attribution required.