Skill v3.2.0
ClawScan security
last-seat-flight · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 24, 2026, 9:09 AM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's requirements and runtime instructions are consistent with a CLI-based flight search/booking helper, but it relies on installing and running a third-party npm CLI at runtime, which carries non-trivial risk and should be vetted before use.
- Guidance: This skill appears to do what it says (it runs a flight-search CLI and formats booking links), but at runtime it may install and execute a third-party npm package (@fly-ai/flyai-cli). Installing global npm packages can run arbitrary code and access the network. Before installing or letting an agent run this skill: 1) verify the @fly-ai/flyai-cli package on npmjs.com (publisher, homepage, maintainers, recent releases, and source repo); 2) prefer that you or an administrator install the CLI in a controlled environment (or decline the global install) rather than allowing the agent to install it autonomously; 3) run the package in a sandbox or VM if possible; 4) confirm that generated booking links (detailUrl) point to legitimate vendor domains before clicking or sharing payment info. If you cannot verify the CLI package, treat this skill as higher risk and avoid granting it runtime installation privileges.
Review Dimensions
- Purpose & Capability (ok): The name/description (last-seat flight search and booking) align with the instructions: all queries are to be satisfied by the flyai CLI. There are no unrelated credential requests or unrelated binaries required.
- Instruction Scope (ok): The SKILL.md restricts the agent to gather data only by running the flyai CLI, enforces parameter usage, and does not instruct reading arbitrary files, environment variables, or contacting unknown endpoints. It does require installing and executing a third-party CLI when not present, but otherwise keeps scope limited to constructing CLI calls and formatting results.
- Install Mechanism (concern): Although no install spec is published in the registry, the runtime instructions explicitly tell the agent to run `npm i -g @fly-ai/flyai-cli` when `flyai` is missing. Installing a global npm package at runtime downloads and executes third-party code on the host and can run arbitrary scripts. This is expected for a CLI-based skill but carries real risk and should be validated (publisher, package contents, permissions, and trustworthiness).
- Credentials (ok): The skill requests no environment variables, no credentials, and no config paths, which is appropriate for a CLI-only search/booking helper. Note: it implicitly requires the ability to run shell commands and network access for npm and the CLI.
- Persistence & Privilege (ok): The skill is not marked always:true, does not demand persistent system-wide changes beyond an optional global npm install, and does not request changes to other skills or system configuration. Autonomous invocation is allowed by default (normal) but not exceptional here.
