Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
holiday-flights
v3.2.1
Find flights during Chinese peak travel seasons — Spring Festival, Golden Week, Labor Day, Dragon Boat. Warns about high demand and suggests optimal booking...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The skill name and description (holiday-flights using flyai) align with wrapping a vendor CLI, but the registry metadata declares no required binaries or install steps while SKILL.md mandates installing and using @fly-ai/flyai-cli. That mismatch (metadata says 'none' but the runtime requires a CLI) is an inconsistency. The README references a parent flyai skill and a GitHub path, but the 'Source' and 'Homepage' fields are unknown/missing in the registry, reducing traceability.
Instruction Scope
SKILL.md tightly constrains the agent to obtain all data from the flyai CLI and to never use training data. The runbook instructs the agent to create and persist an execution log (.flyai-execution-log.json) containing user_query and CLI results. Persisting these logs could capture sensitive user input or PII. The docs also instruct fallbacks that include running privileged installs (suggesting 'sudo npm i -g' in fallback guidance).
Install Mechanism
There is no formal install spec in the registry, but SKILL.md instructs runtime installation via 'npm i -g @fly-ai/flyai-cli' (and suggests 'sudo' if needed). Global npm installs can execute package install scripts and modify the system; asking an agent to perform this at runtime (and suggesting sudo) is a moderate-to-high risk and should be explicitly declared in metadata and reviewed before running.
Credentials
The skill requests no environment variables or credentials, which is appropriate for a search/booking helper. However, because the skill's runbook logs CLI commands, requests, and results, those logs could contain sensitive details (dates, passenger names, queries). That implicit access to potentially sensitive data is not declared in requires.env.
Persistence & Privilege
The runbook explicitly directs creating persistent logs (.flyai-execution-log.json) if filesystem writes are available, introducing persistent storage of user queries and CLI outputs. Combined with runtime instructions to install a global npm package (potentially with sudo), this grants the skill the ability to persist data and change the host environment — a privilege that should be made explicit and limited.
What to consider before installing
This skill appears to do what it says (wraps a flyai CLI) but has a few red flags you should consider before installing or running it:
1) Metadata omits the required CLI; SKILL.md requires installing @fly-ai/flyai-cli globally at runtime — verify the package's source (npm page, repo, maintainers) before installing.
2) The runbook tells the agent to persist detailed execution logs (.flyai-execution-log.json) which may contain user queries or PII; decide whether you want those written to disk.
3) SKILL.md/fallbacks suggest using 'sudo npm i -g' if install fails — avoid running sudo installs unless you trust and have reviewed the package.
4) Prefer to install and vet the flyai CLI yourself (in a sandbox or VM), run searches locally, and provide sanitized outputs to the agent rather than allowing the agent to install packages or write persistent logs.
5) Ask the publisher for a homepage/repository link or the CLI source code so you can audit the package and confirm the 'Powered by flyai' claim.
If you cannot verify the CLI package or you want to avoid persistent logs/global installs, treat this skill as risky.
Like a lobster shell, security has layers — review code before you run it.
Tags: booking · flyai · latest · travel
