Skillv3.2.0

ClawScan security

Explore Tibet · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousApr 9, 2026, 12:13 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's instructions mostly match a travel-planning purpose but contain several inconsistencies and privacy risks (global npm install, possible on-disk logging, and a brand mismatch) that deserve clarification before installing.
Guidance: What to consider before installing: - Verify the CLI package: look up @fly-ai/flyai-cli on the npm registry, check the publisher, source repository, recent releases, and read its README and code if possible. Avoid blindly running npm i -g for unknown packages. - Ask the skill author about the "Powered by Fliggy" claim vs the flyai CLI: which provider supplies the booking data and where do booking links point? Confirm there is no hidden external endpoint that differs from the claimed provider. - Be aware the skill may persist execution logs locally (./.flyai-execution-log.json) that include user_query and CLI responses. If you care about privacy, run the skill in an isolated environment or request the author to make logging opt-in and to redact sensitive fields. - Prefer not to install global CLIs on production or sensitive machines; test in a sandbox/container or install locally (no -g) and inspect the code first. - If you plan to input any sensitive data (personal IDs, passport numbers, payment info), avoid using this skill until you confirm how data is stored, transmitted, and deleted. If the author can clarify the flyai vs Fliggy relationship, provide a provenance link for the npm package, and make logging behavior explicit/optional, the remaining concerns would be reduced.

Review Dimensions

Purpose & Capability: noteThe skill is a travel planner and requires a CLI (flyai) to fetch real-time pricing — that is coherent with the stated purpose. However the description claims "Powered by Fliggy (Alibaba Group)" while the runtime mandates @fly-ai/flyai-cli; this brand/provider mismatch is unexplained and could be a mislabeling or misrepresentation.
Instruction Scope: concernSKILL.md forces all answers to come from the flyai CLI and forbids using training data, and it mandates re-executing until every result includes a [Book]({detailUrl}) link. The runbook also includes a command to append an execution log to .flyai-execution-log.json if filesystem writes are available — that means the agent may persist user queries, parameters, and CLI results to disk (potential privacy leak). The strict re-execute requirement could cause repeated attempts or loops if the CLI returns no booking links.
Install Mechanism: noteThere is no formal install spec in the registry; SKILL.md instructs installing an npm package globally (npm i -g @fly-ai/flyai-cli). Installing a third-party npm CLI globally is a moderate-risk action (it runs code from the npm registry and will put a binary on PATH). There is no direct URL or provenance provided for the package; you should verify the package identity and source before installing globally.
Credentials: okThe skill requests no environment variables or credentials, which is proportional to a read-only travel search agent. However, the runbook's optional local logging can persist full requests/results, so privacy exposure comes from persisted logs rather than requested secrets.
Persistence & Privilege: notealways:false and no OS restrictions are set (normal). The runbook suggests writing an execution log to a dot-file in the current directory (echo '...' >> .flyai-execution-log.json) if file writes are available. That is internal persistence of user queries and CLI results; not necessarily malicious, but it should be disclosed and configurable — currently the SKILL.md says the log is "Not shown to users" which is contradictory and raises privacy concerns.