expat-relocation
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may install third-party software globally on your computer before showing flight results.
This mandates a runtime global installation of an unpinned npm package. npm installs can execute package code and modify the local environment, while the package itself is not included for review here.
If flyai-cli is not installed, install it first... `npm i -g @fly-ai/flyai-cli`
Only allow the install if you trust @fly-ai/flyai-cli. Prefer a user-approved, pinned, documented install step or run it in a sandboxed environment.
Your travel search details may be processed by the external flight-booking provider, and clicking results may take you to booking pages.
The skill directs the agent to send route/date parameters to the flyai CLI and present provider booking links. This fits the stated travel-booking purpose, but users should notice the external tool and links.
`flyai search-flight --origin "{{o}}" --destination "{{d}}" --dep-date {{date}} --sort-type 2` ... `Every result MUST have a [Book]({detailUrl}) link.`Use the skill only when you are comfortable sharing the itinerary details with the provider, and verify prices and URLs before booking.