Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Explore Korea
v3.2.0 · Plan your Korea experience — Seoul's palaces and K-pop culture, Busan's beaches, Jeju Island's nature, Korean BBQ crawls, and K-beauty shopping. Also support...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The skill claims to plan Korea travel and to be 'Powered by Fliggy', and its runtime instructions consistently call a flyai CLI. Requiring a CLI to fetch real-time booking data is coherent for a travel skill, but the manifest lacks any declared install or source and the branding ('Fliggy') does not match the CLI name ('flyai' / @fly-ai/flyai-cli), which is an unexplained inconsistency worth questioning.
Instruction Scope
The SKILL.md mandates that every answer must come exclusively from the flyai CLI (never use training data) and includes a 'self-test' that forces re-execution until a [Book](...) link is present — this could cause repeated external calls or loops. The runbook instructs writing an execution log to .flyai-execution-log.json containing full user_query and CLI calls; that persists potentially sensitive user input locally. The skill also instructs automatic installation if the CLI is missing, which expands runtime actions beyond mere queries.
Install Mechanism
There is no registry install spec; the SKILL.md tells the agent to run 'npm i -g @fly-ai/flyai-cli' if flyai isn't present. A global npm install is a moderate-risk action (it will write code to disk and run code from the npm registry). That is arguably necessary for a CLI-driven skill, but because the skill package source and trustworthiness are not declared, this is an area to verify before proceeding.
Credentials
The skill requests no environment variables or credentials in the registry metadata (good). However, the flyai CLI itself may require or use credentials or perform network I/O; the skill does not document how CLI authentication works. Also, the runbook's persistent execution log will record user queries and CLI commands, which could include sensitive details — the skill does not describe log retention or encryption.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. However, it instructs creating and appending to a local file (.flyai-execution-log.json) if filesystem writes are available, which leaves persistent artifacts on disk containing user queries and call metadata. This is within the skill's scope but increases the persistent exposure of data.
What to consider before installing
This skill is plausible for real-time travel planning but has a few red flags to verify before installing or enabling it:
- Confirm the CLI package: look up @fly-ai/flyai-cli on the npm registry (author, homepage, recent versions, and trust signals). Installing a global npm package runs third-party code on your system.
- Ask the publisher why the skill says 'Powered by Fliggy' but uses a 'flyai' CLI — clarify the actual backend/service and where data is sent.
- Expect the skill to perform network I/O and possibly require CLI authentication; ask how credentials are handled and whether any secrets will be stored.
- The runbook writes .flyai-execution-log.json with user_query and CLI call logs. If you care about sensitive queries, run this skill only in an isolated environment or after modifying the runbook behavior.
- The 'self-test' rule (re-execute until a [Book](...) link appears) could cause repeated calls; watch for unexpected network traffic or repeated booking attempts.
If you decide to proceed: manually inspect the flyai-cli package first, prefer manual (not automatic) installation, run the CLI in a sandbox/container, and verify network endpoints and auth behavior. If any of these clarifications are unavailable, treat the skill cautiously or prefer a travel skill with transparent source code and declared install metadata.
