Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

ancient-town-explorer

v1.0.0

Discover preserved ancient towns, water villages, and traditional settlements — stone bridges, wooden houses, and time-frozen streetscapes. Also supports: fl...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The name/description (discover ancient towns, booking links, Fliggy/flyai) aligns with the instructions: all runtime actions are flyai-cli commands (search-poi, keyword searches) and output formatting for booking links. Nothing in the SKILL.md asks for unrelated cloud credentials or external services beyond flyai-cli, so requested capabilities are proportionate to the stated purpose.
Instruction Scope
The SKILL.md confines runtime actions to the flyai CLI and explicitly forbids answering from training data; it does not instruct reading unrelated system files or environment variables. Two points to note: (1) the 'Self-test' rule requiring every response to contain a [Book](...) link and the re-execute-on-failure loop could cause repeated re-execution if the CLI returns no booking links, possibly causing livelock. (2) The runbook suggests appending an execution log to .flyai-execution-log.json if filesystem writes are available — this explicitly persists user_query and other metadata locally, which may include PII.
Install Mechanism
This is an instruction-only skill with no bundled install script. It tells the agent/user to install @fly-ai/flyai-cli via 'npm i -g' if the flyai binary is missing. Installing a public npm CLI is a standard, expected step; no downloads from untrusted URLs or embedded binaries are present in the skill itself.
Credentials
The skill declares no required environment variables, credentials, or config paths. The only privacy-sensitive behavior is local log persistence (request_id, user_query) described in runbook.md — not an external credential request, but you should be aware logs may include user input and CLI responses.
Persistence & Privilege
The skill does not request always:true or any elevated platform privileges and does not modify other skills. However, the runbook instructs appending an execution log file (.flyai-execution-log.json) to disk when possible. This creates local persistence of queries/results; review whether you want such logs stored in the agent's working directory.
Assessment
This skill is a thin wrapper around the public flyai CLI and appears coherent with its travel/booking purpose. Before installing/using it: (1) verify the legitimacy of the @fly-ai/flyai-cli npm package (source repo, maintainer, network behavior) because that CLI performs network calls and returns booking links; (2) be aware the skill may write a local log file (.flyai-execution-log.json) containing your queries and CLI results — remove or inspect that file if you care about local retention; (3) the skill enforces that every response include a [Book](...) link and will re-run CLI commands if none are present — expect repeat attempts if the CLI returns no booking links; (4) avoid running global npm installs as root unless you trust the package. If you want to reduce risk, inspect the flyai-cli code or run it manually to verify outputs before allowing the agent to invoke this skill autonomously.
