Skill v3.2.0

ClawScan security

Breakfast Hotel · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 10, 2026, 5:05 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions mostly match a hotel-search purpose, but it asks the agent to install and run an external npm CLI at runtime (not declared in the registry), optionally write local execution logs, and its description claims broader capabilities than the SKILL.md actually implements — these mismatches and the runtime install behavior warrant caution.
Guidance
Before installing or enabling this skill consider:
(1) The skill requires running or installing an external npm CLI (@fly-ai/flyai-cli) at runtime; only allow this if you trust that package and its publisher, and inspect the npm package page and its maintainers.
(2) The skill may write an execution log to .flyai-execution-log.json that could contain your queries and parameters; decide if local logging is acceptable.
(3) The description advertises features (flights, insurance, etc.) that are not present in the SKILL.md; ask the author for a homepage or source repo to verify scope.
(4) If you do enable it, prefer to manually install @fly-ai/flyai-cli (so you can review it) rather than letting an agent perform a global npm install autonomously.
If you need higher assurance, request an install spec and package source (GitHub/npm links) or decline until the publisher and package can be audited.

Review Dimensions

Purpose & Capability
note
Name/description: find hotels with breakfast included (mentions Fliggy and many other travel features). Actual artifact: SKILL.md and playbooks focus nearly exclusively on hotel searches via a flyai CLI. The broad list of supported features (flights, insurance, etc.) in the description is not reflected in the instructions; this is a minor coherence gap but not necessarily malicious.
Instruction Scope
note
SKILL.md confines runtime actions to calling the flyai CLI and formatting results. It enforces 'never answer from training data' and mandates that every result include a [Book]({detailUrl}) link. The runbook suggests persisting an execution log (.flyai-execution-log.json) if filesystem writes are available; this will persist user queries/commands locally. No instructions ask the agent to read unrelated system files or environment variables.
Install Mechanism
concern
There is no declared install spec in the registry; instead the runtime instructions tell the agent to run 'npm i -g @fly-ai/flyai-cli' if the CLI is missing. Installing a global npm package at runtime is a non-trivial operation (network fetch, code executed on host) and is higher-risk than an instruction-only skill. While using an npm package for a CLI is plausible, the skill should ideally declare the install behavior or provide a vetted homepage/source so users can inspect the package before allowing installation.
Credentials
ok
The skill declares no required environment variables, no credentials, and no config paths. The CLI-based workflow reasonably does not need additional secrets declared in the skill. There are no hidden env-var accesses in SKILL.md.
Persistence & Privilege
note
always:false and no special privileges are requested. However, the runbook includes an optional local append to '.flyai-execution-log.json' which will persist executed commands and user queries in the working directory. This is not required for the skill's stated purpose but is suggested for logging; users should consider whether local persistence of queries is acceptable.