Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Budget Backpacker

v3.2.0

Plan backpacking trips — ultra-budget itineraries, hostel recommendations, multi-city routes, and survival tips for long-term budget travelers. Also supports...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's functionality (flight/hotel/POI searches) matches using a travel CLI (flyai). However the SKILL.md requires installing and invoking @fly-ai/flyai-cli even though the registry shows no install spec; that mismatch (instruction-only skill that nevertheless demands a global npm install) is an inconsistency to be aware of.
! Instruction Scope
The instructions require every answer to come solely from flyai CLI output, mandate specific link/brand formatting, and include a runbook that logs request_id, full user_query, CLI commands/responses and risk_flags. The runbook explicitly suggests writing a persistent .flyai-execution-log.json to disk if filesystem writes are available. Those file writes and the strict 'only CLI' constraint broaden the agent's actions beyond simple ephemeral query handling.
! Install Mechanism
No install spec is present in the registry metadata, but SKILL.md tells the agent to run `npm i -g @fly-ai/flyai-cli` when flyai is missing. That means this instruction-only skill expects to perform a global npm install at runtime (networked code installation and execution) even though the package provenance isn't surfaced here. Global npm installs executed by the agent environment can be high-impact.
Credentials
The skill does not declare any required environment variables or credentials (proportionate to a public CLI-based travel tool). However, because the runbook logs CLI calls and full user queries, any sensitive data accidentally supplied by the user (or returned by CLI responses) could be captured in persistent logs — a potential privacy risk despite no explicit credential requests.
! Persistence & Privilege
The runbook instructs persisting an internal execution log to .flyai-execution-log.json (if filesystem writes are available). The registry metadata did not declare any config or path writes. Persistent logging of full queries and CLI outputs increases long-term risk (exfiltration, disclosure of sensitive data) and is not disclosed in the skill metadata.
What to consider before installing
Before installing or enabling this skill:
1) Note the skill will try to install and run a third-party npm package (@fly-ai/flyai-cli) if not present — verify that package on npm/GitHub and only allow installation in a controlled environment.
2) The skill's runbook suggests writing a persistent file (.flyai-execution-log.json) containing request IDs, raw user queries, and full CLI calls/results — if you have sensitive data in queries, this could be stored locally.
3) The skill's source/homepage is unknown and the registry metadata does not declare the install or file-write behavior shown in SKILL.md; that mismatch is suspicious.
4) If you still want to try it, run flyai-cli manually in a sandbox first to inspect outputs and logging behavior, and avoid providing secrets or credentials during testing.
5) If possible, ask the publisher for the package repository, code audit, and explicit declaration of any filesystem writes and exactly what the CLI logs before enabling the skill in a production agent.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d5km5pnwtp6yq8ztem07hq984jgc8
