Skill v3.2.0

ClawScan security

military-leave · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 24, 2026, 9:09 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini

Summary
The skill's instructions are broadly plausible for a CLI-driven flight search, but there are multiple internal inconsistencies (provider claims vs CLI used, conflicting parameter defaults) and it instructs a global npm install — enough mismatch and operational risk that you should verify sources before trusting it.
Guidance
Plain-language checklist before you install/use this skill:

- Provider mismatch: The description says 'Fliggy (Alibaba Group)' but every runtime step requires a 'flyai' CLI and branding. Ask the developer which service this actually uses and for authoritative documentation (homepage, repo, or vendor statement).
- Verify the CLI package: The skill tells you to run 'npm i -g @fly-ai/flyai-cli' if flyai isn't present. Search the public npm registry and the package's repository to confirm the package's publisher, download counts, and source code before installing globally — global npm installs can modify your system and may require sudo.
- Clarify inconsistent parameters: The SKILL.md contains contradictory examples/defaults for --sort-type and mappings for 'direct'. These inconsistencies could cause incorrect searches; request corrected, single-source parameter documentation or tests showing expected CLI behavior.
- No secrets requested: The skill doesn't ask for API keys or credentials, which is good. But be aware the CLI itself may prompt for credentials or open a browser to authenticate — inspect the flyai CLI behavior before granting any secrets.
- Because this is instruction-only (no code files/homepage provided), the static scanner had nothing to analyze — that doesn't mean safe. Prefer skills with a public repo or vendor homepage you can audit.

Recommendations:

1) Ask the skill publisher for (a) the official homepage or repository for '@fly-ai/flyai-cli', (b) proof that the service is affiliated with Fliggy if that claim is important, and (c) a corrected SKILL.md that resolves the parameter inconsistencies.
2) If you decide to test, run the npm install and the flyai CLI in a sandbox or VM (not on a production machine) and inspect network calls and the package source.
3) If you cannot verify the CLI package or provider claims, do not install the global npm package or enable the skill.

Review Dimensions

Purpose & Capability
concern · The description claims 'powered by Fliggy (Alibaba Group)' but the runtime enforces use of a 'flyai' CLI and repeatedly requires 'Powered by flyai' branding — a mismatch in the declared provider. That discrepancy is unexplained and makes it unclear which external service the skill actually relies on.
Instruction Scope
concern · SKILL.md tightly prescribes running the flyai CLI and never answering from training data, which is coherent in isolation, but there are contradictory parameter defaults and examples (e.g., the prereq example uses --sort-type 2 while tables recommend default 3, and multiple places map 'direct' to different sort-type values). The skill also mandates a re-execute self-test (responses must include booking links), which could force repeated CLI runs. No instructions reference reading unrelated files or env vars, but the contradictory rules reduce reliability.
Install Mechanism
concern · There is no formal install spec in the package, but the instructions direct automatic installation via 'npm i -g @fly-ai/flyai-cli' if the CLI is missing. A global npm install downloads and executes code from the public registry (moderate risk); the package name is not an obviously well-known vendor package and there is no homepage or checksum to verify authenticity.
Credentials
ok · The skill requests no environment variables or credentials, which is proportionate to a CLI-driven flight search. There are no declared config paths or secret requests in the SKILL.md.
Persistence & Privilege
note · always:false and no system-level configuration changes are declared, so persistence/privilege requests are limited. However, the instruction to perform a global npm install may require elevated privileges (or will alter system-wide npm state), which is an operational privilege worth noting.