economy-flights

Advisory. Audited by VirusTotal on Apr 24, 2026.

Overview

Type: OpenClaw Skill
Name: economy-flights
Version: 3.2.0

The skill requires the AI agent to perform high-risk system operations, specifically the global installation of an external npm package (`@fly-ai/flyai-cli`) and the use of `sudo` for elevated privileges if the initial installation fails (found in SKILL.md and fallbacks.md). While these actions are framed as necessary for the flight search functionality, they introduce significant risks of Remote Code Execution (RCE) and Privilege Escalation. The skill also instructs the agent to maintain an internal execution log by appending JSON data to a local file (`.flyai-execution-log.json`), which constitutes unauthorized file system persistence.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent could install and run new third-party software on the user's machine when the user only asked for flight results.

Why it was flagged

The skill requires automatic global installation of an unpinned third-party npm CLI package before use. This is central to the skill, but it is not declared in the install spec or requirements and changes the user's environment.

Skill content

If flyai-cli is not installed, install it first... npm i -g @fly-ai/flyai-cli

Recommendation

Require explicit user approval before installing the CLI, pin the package/version, declare the binary/install requirement in metadata, and document what the CLI does.

What this means

A privileged package install could modify system-wide files or execute package install scripts with elevated access.

Why it was flagged

The fallback documentation mentions a privileged global npm install path. Even as a fallback, sudo-based installation is high-impact and should not be attempted by an agent without clear user-directed approval.

Skill content

# Fails → sudo npm i -g @fly-ai/flyai-cli

Recommendation

Remove sudo installation from agent-run instructions; if needed, tell the user to perform installation manually after reviewing the package source and permissions.

What this means

Private travel plans or other text included in the user's request could be stored locally and later exposed or reused unintentionally.

Why it was flagged

The runbook directs the agent to keep an internal log containing raw user input and append it to a local file when possible, without clear user notice, retention limits, or redaction.

Skill content

"user_query": "{raw input}" ... If file system writes are available: echo '{generation_log_json}' >> .flyai-execution-log.json

Recommendation

Make logging opt-in, avoid storing raw user input by default, redact sensitive details, define retention, and clearly tell users when a local log file will be created.

What this means

Flight search details may be transmitted to the flyai service to retrieve live prices and booking links.

Why it was flagged

The skill relies on external CLI calls to search flights. This is expected for real-time flight pricing, but users should know their route/date query is being sent through that CLI/provider.

Skill content

flyai search-flight --origin "{o}" --destination "{d}" --dep-date {date} --seat-class-name economy --sort-type 3

Recommendation

Use the skill only for travel searches you are comfortable sending to the provider, and review booking links before clicking or purchasing.