Skill v3.2.4
ClawScan security
International Flights · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 9, 2026, 8:56 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is internally coherent for wrapping a 3rd‑party CLI (flyai-cli) to fetch live flight + visa data, but it instructs global npm installs and local logging of raw queries which raises privacy and install-supply-chain concerns you should review before installing.
- Guidance: This skill appears to be what it claims (a wrapper around a flyai CLI) but has a few practical risks you should consider before installing:
  - Review the flyai CLI package before installing: the skill tells agents to run `npm i -g @fly-ai/flyai-cli`. A global npm install runs third-party code with the installing user's privileges and will add system-wide binaries; verify the npm package, its maintainer, and its source (GitHub repo/releases) first.
  - Be prepared for a possible sudo requirement: global installs on some systems need elevated privileges. Do not run installs you can't audit.
  - Logs may be written to disk: the runbook explicitly suggests appending an execution log (.flyai-execution-log.json) containing the raw user_query and command details. If you or users may send sensitive data (passport numbers, personal details), these can be persisted. Consider disabling or redirecting logs, or ensuring the agent environment is ephemeral.
  - The skill does not request credentials, but the flyai CLI might: check what auth the CLI requires and where it stores tokens before proceeding.
  - If you want to proceed: install the CLI manually after inspecting its repository and package contents, and configure logging/permissions to avoid persisting sensitive input. If you are not comfortable auditing the npm package, avoid installing the skill.
Review Dimensions
- Purpose & Capability (ok): The name/description match the runtime instructions: the skill delegates searches to a flyai CLI and then formats results and visa info. It does not request unrelated credentials or binaries in the manifest; requiring the flyai-cli is consistent with the stated purpose.
- Instruction Scope (concern): SKILL.md mandates always using flyai CLI output (never use training data) and prescribes exact commands and output rules. This is consistent but also prescriptive. The runbook instructs writing an execution log that includes raw user_query and full command details to .flyai-execution-log.json if filesystem writes are available, which can persist sensitive user input or PII. The skill also enforces re-execution until every result contains booking links, which could cause repeated network/CLI calls. These behaviors expand scope from ‘just query flight API’ to local persistence and potentially repeated network activity.
- Install Mechanism (note): This is an instruction-only skill (no install spec), but SKILL.md tells the agent to run `npm i -g @fly-ai/flyai-cli` if flyai is missing. Installing a global npm package (possibly with sudo) is a moderate supply-chain risk: the package code will run on the host, create system-level binaries, and come from the public npm registry. That is expected for a CLI wrapper, but you should verify the package source and publisher before installing.
- Credentials (note): The skill declares no required environment variables or credentials, which is proportionate. However, the flyai CLI itself may prompt for or use credentials (not declared here), and the skill’s runbook logs raw queries, meaning secret or personal data a user types could be recorded even though the skill does not explicitly request secrets.
- Persistence & Privilege (concern): always:false and normal autonomous invocation are fine. Concern arises from explicit instructions to append execution logs to .flyai-execution-log.json (if writable). That creates local persistent records containing user queries, commands, timestamps and possibly booking links, which is a privacy risk. The skill also instructs global npm installs which alter system state and may require elevated privileges.
