Back to skill
Skillv3.2.0
ClawScan security
hongkong-macau · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 9, 2026, 7:24 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent: it wraps an external CLI (flyai-cli) and its instructions, parameters, and templates align with the travel-planning purpose — but it requires installing and running a third-party CLI and persists execution logs, so review the external CLI before use.
- Guidance
- This skill is coherent with its stated purpose (it wraps the flyai CLI to return live booking links), but before installing or allowing an agent to run it: 1) Review the @fly-ai/flyai-cli package (npm page and source repo) to confirm the publisher and that it behaves as expected; 2) Be aware the agent may try to run npm i -g (global install) — only allow this if you trust the package source; 3) The runbook recommends writing logs to .flyai-execution-log.json, which will persist user queries and CLI output on disk — if that’s sensitive in your environment, block filesystem writes or inspect the log contents/process; 4) The skill enforces strict CLI-only answers and may re-run commands until booking links are present — this can lead to repeated network calls and retries; ensure network and rate limits are acceptable; 5) If you want stronger assurance, ask the skill author for the flyai-cli source URL or a pinned package version (or run the CLI in a sandbox) before granting execution.
Review Dimensions
- Purpose & Capability
- okThe name/description state a travel planner for Hong Kong and Macau and the SKILL.md consistently requires and orchestrates the flyai CLI for flights, hotels, POIs and booking links. No unrelated environment variables, binaries, or config paths are requested.
- Instruction Scope
- noteThe instructions mandate never answering from training data and always using flyai CLI output, require installing @fly-ai/flyai-cli if absent, and insist on re-execution until results include [Book] links. These are coherent with a real-time booking wrapper but create strong operational constraints (forced network/CLI usage, possible retry loops) and give the skill wide discretion to call the CLI and present only CLI-sourced data.
- Install Mechanism
- noteThe skill is instruction-only (no install spec) but instructs users/agents to run npm i -g @fly-ai/flyai-cli. Using a published npm package is a reasonable, common approach but does transfer trust to the external package; the skill itself does not include or vet that package or provide a fixed release URL.
- Credentials
- okNo environment variables, credentials, or config paths are requested by the skill. The runbook suggests writing an execution log if filesystem writes are available, but that is consistent with debugging/audit needs and does not require secrets.
- Persistence & Privilege
- notealways:false and no special privileges requested. The runbook includes an optional instruction to append an execution log to .flyai-execution-log.json if filesystem access exists, which is reasonable for an orchestration skill but does create persistent files containing user queries and CLI responses.