Skill v3.2.0
ClawScan security
gap-year-travel · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign (Apr 24, 2026, 8:04 AM)
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requested actions (calling a flyai CLI and installing it via npm if missing) line up with its travel-booking purpose; no unrelated credentials, files, or hidden endpoints are requested, though it will install and run a third-party CLI at runtime which you should verify before allowing.
- Guidance: This skill is coherent with its stated purpose: it runs a third-party CLI (flyai) to fetch real-time fares and requires that every result include a booking link. Before installing or allowing execution, consider:
  1. Verify the npm package @fly-ai/flyai-cli on the npm registry (author, version, README, popularity, and recent publish history).
  2. Install the CLI in a controlled environment (container or VM) if you don't trust global installs.
  3. Ensure you trust the network endpoints the CLI contacts (it will fetch live pricing/booking URLs).
  4. The skill does not request your credentials, but if booking later requires entering payment or account info, confirm the booking destination is legitimate.
  5. If you prefer not to allow runtime installs, ask the skill owner for an explicit install spec or a vetted binary/source before enabling.

  If you want additional assurance, provide the flyai CLI package name/version or a link to its homepage and I can re-assess with that info.
Review Dimensions
- Purpose & Capability (ok): Name/description (flight/hotel/train booking) match the runtime instructions: all runtime steps call a 'flyai' CLI (search-flight, keyword-search) and format results for booking. No requests for unrelated cloud credentials, system paths, or surprising capabilities.
- Instruction Scope (ok): SKILL.md is prescriptive: collect origin/destination, run flyai CLI, format CLI JSON into markdown with [Book](detailUrl) links, and re-execute if validation fails. It does not instruct reading arbitrary local files or exfiltrating unrelated data. The strict rule 'never answer from training data' is unusual but consistent with relying solely on CLI output.
- Install Mechanism (note): The skill is instruction-only (no install spec in registry) but mandates installing a third-party CLI at runtime via `npm i -g @fly-ai/flyai-cli` if flyai is missing. Installing a global npm package is a moderate-risk action because it downloads and runs remote code; this is proportional to a CLI-based skill but worth verifying the package and source before allowing the install.
- Credentials (ok): No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets or system config. It does require network access to run the CLI and access booking detailUrl links (expected for purpose).
- Persistence & Privilege (ok): always:false and no special privileges are requested. The skill does not request persistent presence, modify other skills, or access other skills' configs. Autonomous invocation is allowed by default (normal) but not combined with other red flags here.
