Skill v3.2.0
ClawScan security
Plan Dubai Travel — Flights, Hotels, Burj Khalifa, Desert Safari, Malls & Itineraries · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Apr 13, 2026, 11:47 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's runtime instructions require installing and running an external CLI and writing execution logs, but the manifest omits the CLI/install spec and contains a few mismatches (e.g., Fliggy mention vs. flyai CLI); these inconsistencies and the global npm install/write-to-disk behavior warrant caution.
- Guidance: This skill is plausibly a genuine travel-planning wrapper around a third-party CLI, but there are a few red flags: (1) the registry metadata omits the required flyai CLI even though the skill insists it must be installed and used; (2) it instructs the agent to run a global npm install (@fly-ai/flyai-cli) at runtime; you should only allow that if you trust the package/publisher; (3) the runbook suggests writing an execution log (.flyai-execution-log.json) that can contain your raw queries and parameters (possible PII). Before installing or using it: verify the npm package and publisher on the npm registry (review the package code and maintainer); run the skill in a sandboxed environment (or container) so global installs and file writes are isolated; ask the skill author to add an explicit install spec and to document what is logged and for how long; and ensure any persisted logs are stored securely, or disabled if you handle sensitive data. If you cannot verify the flyai CLI or do not want local persistence of conversation data, do not install or run this skill.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md clearly requires the @fly-ai/flyai-cli and mandates that every answer come from its output; however, the top-level registry metadata lists no required binaries or install spec. Additionally, the description mentions "Powered by Fliggy (Alibaba Group)" while the instructions exclusively use the flyai CLI. This mismatch could indicate sloppy packaging or false branding. A consumer would reasonably expect the manifest to declare the flyai CLI as a required binary or include an install step.
- Instruction Scope (concern): The instructions force the agent to (a) install/run an external CLI (npm i -g @fly-ai/flyai-cli) if absent, (b) never answer from training data, (c) rely strictly on CLI JSON outputs and include booking links, and (d) maintain an internal execution log that may be written to disk (.flyai-execution-log.json). The runbook's recommended persistent log can capture full user_query and other data (potentially sensitive/PII). There are no instructions to redact or limit what's logged.
- Install Mechanism (note): This is an instruction-only skill (no install spec in registry), but the runtime instructions tell the agent to perform a global npm install of @fly-ai/flyai-cli. Installing an npm package globally at runtime is a moderate-risk action: the package source (npm registry/package owner) is not documented in the skill metadata and therefore not verified by the registry. The absence of a declared install spec in the registry is an inconsistency and reduces auditability.
- Credentials (ok): The skill does not request environment variables, credentials, or config paths in the registry metadata. The runtime steps also do not demand secrets. However, the execution log will capture the user_query and parameter values (which could include personal data) if persisted — the skill does not require or request secrets but may store user inputs.
- Persistence & Privilege (note): The skill is not marked always:true and does not request elevated system privileges. It does, however, instruct the agent to create a persistent execution log and suggests appending it to a file in the working directory if filesystem writes are available. That behavior increases persistence of user queries locally and could escalate privacy risk if the environment is shared or backed up.
