Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Hot Springs
v3.2.0
Find natural hot springs and thermal baths — outdoor pools, private onsen, medicinal springs, and spa complexes. Also supports: flight booking, hotel reserva...
⭐ 0· 40·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Scanner: OpenClaw
Verdict: Suspicious (medium confidence)

Purpose & Capability
The skill's public description lists many travel features (flights, hotels, insurance, bookings) but the runtime instructions and commands only implement POI search and booking links via the flyai CLI. No credentials or APIs are requested for booking/flight flows, so the broader capabilities in the description are not implemented or documented here — this mismatch could be sloppy documentation or an incomplete skill.
Instruction Scope
SKILL.md forces the agent to only use the flyai CLI for answers, to install that CLI if missing, and to re-run until every result includes a [Book]({detailUrl}) link. The runbook also instructs appending an execution log to .flyai-execution-log.json when filesystem writes are available, which causes persistent local storage of user queries/commands and CLI results. There are also contradictory lines (e.g., "Use `detailUrl` for booking links. Never use `detailUrl`.") and strict self-test loops that could create repeated execution attempts. These behaviors expand the skill's scope to installing software, accessing the filesystem, and persisting logs — all beyond a simple query responder.
Install Mechanism
No formal install spec is provided, but the instructions mandate running npm i -g @fly-ai/flyai-cli if flyai is missing. A global npm install runs third-party code with elevated scope on the host and can execute install scripts; the package name looks plausible but its provenance is unknown in this bundle. This is a moderate-risk action compared with instruction-only skills that do not install software.
Credentials
The skill requests no environment variables or credentials, which is proportional to the documented CLI-based POI searches. However, the description claims booking and flight features without requesting typical booking credentials or payment integration, creating ambiguity about how bookings are performed.
Persistence & Privilege
The skill is not force-enabled (always:false) and does not request elevated agent privileges, but the runbook explicitly suggests persisting an execution log file (.flyai-execution-log.json) to disk if filesystem writes are available. That persistence is optional but should be considered a privacy risk because logs may contain user queries and CLI output.
What to consider before installing
Before installing or enabling this skill:
1) Verify the provenance of the npm package @fly-ai/flyai-cli (check the npm registry page, maintainer identity, and source repo) — a global npm install runs third-party code on your machine.
2) Confirm you are comfortable with the skill writing an execution log (.flyai-execution-log.json) to disk (it may contain user queries and CLI results); if not, disallow filesystem writes or ask the maintainer to remove persistent logging.
3) Ask the skill author to resolve contradictory instructions (the detailUrl contradiction) and to clarify how booking/flight features work and whether additional credentials are needed.
4) If you install the CLI, audit its network activity and install scripts in a safe environment first (sandbox/VM).
5) If you want minimal risk, use the agent without this skill or request an instruction-only variant that does not require installing a global CLI or writing logs.
latest: vk977abtp6ccv8v3ygmsa0699zh84hy9f
