Skillvv3.2.3

ClawScan security

family-trip · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignApr 9, 2026, 7:22 AM

Verdict: benign
Confidence: medium
Model: gpt-5-mini
Summary: The skill is internally consistent with a travel/booking wrapper around a third-party CLI (flyai-cli), but it requires installing a global npm package and writes local execution logs, so verify the CLI's trustworthiness before installing.
Guidance: This skill appears to do what it claims (a flyai-cli wrapper for family travel planning), but before installing or using it you should: 1) Verify the @fly-ai/flyai-cli package on npm/GitHub (publisher, repo, recent releases, and postinstall scripts) to ensure you trust the code you will install globally; 2) Prefer inspecting the package source or using a sandbox/container or local (non-global) install to reduce host impact; 3) Be aware the skill's runbook may append a local .flyai-execution-log.json containing your raw user queries and command results—avoid including sensitive personal data in queries or run the skill where that log cannot leak; 4) Expect the agent to refuse to answer from training data and to require the CLI to succeed (it will not fall back to knowledge-based answers), which can lead to repeated network/CLI calls if a result lacks the required booking link; and 5) If you need higher assurance, ask the publisher/source for the official repository or package checksum and confirm the Fliggy/Flyai affiliation before proceeding.

Review Dimensions

Purpose & Capability: okThe skill is presented as a wrapper around the flyai CLI for real-time travel/booking data (flights, hotels, POIs). It declares no unrelated env vars or binaries and its required actions (installing and invoking flyai-cli) are coherent with the stated purpose.
Instruction Scope: noteSKILL.md forces the agent to obtain every piece of data from the flyai CLI and forbids using training data. It also instructs the agent to maintain a runbook and, if filesystem writes are available, append a JSON log (.flyai-execution-log.json) containing user_query and other execution details. This local logging of raw user queries could store sensitive input and the requirement to re-execute until [Book](...) links are present may cause repeated CLI/network calls. Functionally consistent, but privacy and looping behavior are worth noting.
Install Mechanism: noteThere is no formal install spec in the registry, but SKILL.md mandates installing @fly-ai/flyai-cli with `npm i -g`. A global npm install is expected for a CLI wrapper, but global npm packages can run arbitrary postinstall scripts and execute code on the host — this is a moderate-risk action and should be validated against the official package source (registry/GitHub).
Credentials: okThe skill requests no environment variables or credentials, which is proportional. Caveat: the runbook/log will capture the raw user_query and CLI results locally, which could include sensitive details if the user provides them.
Persistence & Privilege: okThe skill does not request always:true and does not modify other skills. It may write an execution log to the current working directory if filesystem access is available; this is limited persistence and scoped to the agent's environment.