Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Multi Stop
v3.2.0
Plan complex multi-city flight itineraries — A to B to C to D. Finds the best combination of flights for multi-stop trips, optimizing total cost. Also suppor...
⭐ 0 · 45 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill's name and description (multi-city flight planning) align with the runtime instructions, which call the flyai CLI to search flights and build itineraries. Claims about booking links and real-time pricing fit a CLI-backed workflow. Minor mismatch: the README and SKILL.md mention hotels, trains and attractions, and describe the skill as a sub-skill of an Alibaba 'flyai' project, but the SKILL.md parameters and playbooks show only flight-search commands, so the other claimed capabilities (hotels, visas, insurance) are not demonstrated in the instructions or parameters.
Instruction Scope
SKILL.md mandates strictly sourcing all output from the flyai CLI and re-running CLI calls whenever the output requirements (for example, a [Book]({detailUrl}) link and a brand tag) are not met. Because no retry limit is stated, this is an implicit re-execution loop that can generate repeated network calls. The runbook instructs optionally persisting an execution log to .flyai-execution-log.json containing user_query and the CLI call log, a filesystem side effect that the registry metadata does not declare. The Output Rules also contradict themselves (for example: 'Use `detailUrl` for booking links. Never use `detailUrl`.'), which leaves correct behaviour ambiguous and could make the agent act incorrectly.
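The three instruction-scope findings above can be checked mechanically before a skill is loaded. The following is an added example, not code from ClawHub, OpenClaw or the Multi Stop skill: it lints a SKILL.md for directives that both prescribe and forbid the same identifier, for file names mentioned next to a write verb that the registry metadata does not declare, and for re-run instructions that state no retry bound. The SKILL.md text inside the block is constructed from the quoted findings; the real file is not reproduced on this page.

```python
"""Lint an agent skill's SKILL.md for the three problems the scan calls out:
contradictory use/never-use directives, file writes the registry metadata does
not declare, and re-run instructions with no retry bound.
Added example, not code from ClawHub or the Multi Stop skill."""
import re

# Constructed stand-in for SKILL.md: the detailUrl contradiction, the re-run
# rule and the log file name are taken from the scan report; every other line
# is invented for the example.
SAMPLE_SKILL_MD = """\
# Multi Stop

## Output Rules
- Use `detailUrl` for booking links.
- Every itinerary needs a [Book]({detailUrl}) link and a brand tag.
- Never use `detailUrl`.
- If the link or brand tag is missing, re-run the flyai CLI call.

## Runbook
- Optionally persist an execution log to .flyai-execution-log.json
  containing user_query and every CLI call.
"""

# A line-leading directive: "Use X", "Never use X", "Do not use X", "Always use X".
DIRECTIVE = re.compile(
    r"^\s*(?:[-*]\s*)?(never use|do not use|don't use|always use|use)\s+`?([A-Za-z_][\w.]*)`?",
    re.IGNORECASE,
)
NEGATIVE = {"never use", "do not use", "don't use"}
# A write verb followed, on the same line, by something that looks like a file name.
WRITE_HINT = re.compile(
    r"\b(?:persist|write|writes|save|append)\b[^\n]*?(\.?[\w-]+(?:\.[\w-]+)+)", re.IGNORECASE
)
RERUN = re.compile(r"\b(?:re-?run|retry|repeat)\b", re.IGNORECASE)
BOUND = re.compile(r"\b(?:at most|up to|max(?:imum)?|no more than)\s+\d+", re.IGNORECASE)


def find_contradictions(text):
    """Identifiers that are both prescribed and forbidden. Sorted list of names."""
    polarity = {}
    for line in text.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            verb, ident = m.group(1).lower(), m.group(2)
            polarity.setdefault(ident, set()).add("never" if verb in NEGATIVE else "use")
    return sorted(i for i, p in polarity.items() if p == {"use", "never"})


def undeclared_writes(text, declared=()):
    """File names that appear next to a write verb and are absent from the declared paths."""
    found = {m.group(1) for m in WRITE_HINT.finditer(text)}
    return sorted(found - set(declared))


def unbounded_reruns(text):
    """Lines that tell the agent to re-run or retry without stating a limit."""
    return [ln.strip() for ln in text.splitlines() if RERUN.search(ln) and not BOUND.search(ln)]


def lint(text, declared_paths=()):
    """All findings in one dict; an empty dict means the file passed every check."""
    report = {
        "contradictions": find_contradictions(text),
        "undeclared_writes": undeclared_writes(text, declared_paths),
        "unbounded_reruns": unbounded_reruns(text),
    }
    return {k: v for k, v in report.items() if v}


if __name__ == "__main__":
    for kind, items in lint(SAMPLE_SKILL_MD).items():
        print(f"{kind}:")
        for item in items:
            print(f"  - {item}")
```

Run it against the real SKILL.md with `lint(open("SKILL.md").read(), declared_paths=<paths from the registry metadata>)`; anything under `undeclared_writes` is a side effect the metadata did not tell you about, and a non-empty `unbounded_reruns` list is where to add an explicit retry cap before letting an agent execute the file.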
Install Mechanism
The skill is instruction-only and has no registry install spec, but SKILL.md and README require installing the public npm package @fly-ai/flyai-cli via 'npm i -g'. Installing a global npm CLI is expected for a CLI-wrapping skill, but it carries the usual supply-chain considerations: verify the publisher behind the @fly-ai scope, inspect the package contents (including any install-time scripts, which npm runs automatically), and note that a global install may require elevated privileges. The registry itself does not provide a pinned or verified install artifact.
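What "inspect the package contents" looks like in practice, as an added example that is not part of the scan or of the flyai project: an offline audit of the manifest returned by `npm view <pkg> --json` (or the package.json inside an `npm pack <pkg>` tarball) that flags install-time hooks, executables placed on PATH and missing provenance fields, and then builds an install line pinned to the audited version. The manifest in the block is constructed for the example and says nothing about the real @fly-ai/flyai-cli package.

```python
"""Pre-install audit of an npm package manifest. Added example, not part of
ClawHub or the flyai project. Feed it `npm view <pkg> --json` output or the
package.json from an `npm pack <pkg>` tarball. The manifest below is
CONSTRUCTED for the example and does not describe @fly-ai/flyai-cli."""
import json

# npm runs these hooks automatically during install, so they execute arbitrary
# code on the installing machine before the user ever invokes the CLI.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

CONSTRUCTED_MANIFEST = json.loads("""{
  "name": "example-flight-cli",
  "version": "1.2.3",
  "bin": {"example-flight-cli": "bin/cli.js"},
  "scripts": {"postinstall": "node scripts/setup.js", "test": "jest"},
  "dependencies": {"node-fetch": "^3.0.0", "commander": "^11.0.0"},
  "maintainers": [{"name": "someone", "email": "someone@example.com"}],
  "dist": {"integrity": "sha512-AAAA",
           "tarball": "https://registry.npmjs.org/example-flight-cli/-/example-flight-cli-1.2.3.tgz"}
}""")


def audit_manifest(manifest):
    """Return human-readable findings; an empty list means nothing stood out."""
    findings = []
    scripts = manifest.get("scripts") or {}
    for hook in INSTALL_HOOKS:
        if hook in scripts:
            findings.append(f"install hook '{hook}' runs code at install time: {scripts[hook]}")
    if manifest.get("bin"):
        # npm uses the package name as the command when "bin" is a plain string.
        names = sorted(manifest["bin"]) if isinstance(manifest["bin"], dict) else [manifest["name"]]
        findings.append(f"puts executables on PATH: {names}")
    if not manifest.get("repository"):
        findings.append("no repository field: published tarball cannot be diffed against source")
    if not manifest.get("maintainers"):
        findings.append("no maintainers listed: publisher identity cannot be checked")
    if not (manifest.get("dist") or {}).get("integrity"):
        findings.append("no dist.integrity: pin the version and record the hash yourself")
    return findings


def pinned_install_command(manifest, ignore_scripts=True):
    """Install line pinned to the audited version. --ignore-scripts stops install
    hooks from running but can break packages that need a real build step, so
    drop it only after reading and accepting every hook the audit reported."""
    spec = f"{manifest['name']}@{manifest['version']}"
    flags = " --ignore-scripts" if ignore_scripts else ""
    return f"npm i -g{flags} {spec}"


if __name__ == "__main__":
    for finding in audit_manifest(CONSTRUCTED_MANIFEST):
        print("-", finding)
    print(pinned_install_command(CONSTRUCTED_MANIFEST))
```

For the real package, `npm view @fly-ai/flyai-cli --json > manifest.json` followed by `audit_manifest(json.load(open("manifest.json")))` gives the findings; `npm pack @fly-ai/flyai-cli` then lets you read the tarball (including whatever the install hooks execute) before anything runs. Setting a user-writable prefix with `npm config set prefix ~/.npm-global` removes the need for root on the global install.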
Credentials
The skill does not request any environment variables, credentials, or config paths in the registry metadata. That is proportionate for a read-only search/lookup skill. Note: the flyai CLI itself might later prompt for or require user credentials to complete bookings — that would be expected, but the skill does not declare or request such secrets upfront.
Persistence & Privilege
The runbook describes persisting an execution log to a local file (.flyai-execution-log.json) if filesystem writes are available; the log contains user_query and raw CLI commands/results. This behavior creates persistent files that could include sensitive inputs and is not declared in the skill metadata. The skill does not request 'always: true', but the implicit persistent logging and the enforced re-execution behavior increase the blast radius if the CLI or skill are later modified.
What to consider before installing
This skill appears to do what it says (wrap the flyai CLI for multi-city flight planning) but contains several things you should check before installing or using it:
- Verify the @fly-ai/flyai-cli package on the npm registry (publisher, recent releases, and source code) before running a global 'npm i -g'. Global installs may require extra privileges and put a new executable on your system PATH.
- Expect the agent to run multiple flyai CLI commands and network calls. The SKILL.md enforces re-running commands until a booking link and brand tag appear — this could cause repeated requests and unexpected traffic. Consider testing in a controlled environment.
- Be aware the skill’s runbook suggests writing .flyai-execution-log.json containing the raw user_query and CLI call logs. If you care about privacy, watch for that file in your working directory and inspect its contents; ensure you are comfortable with persistent logs containing user inputs.
- The SKILL.md contains contradictory rules (e.g., 'Use detailUrl' vs 'Never use detailUrl') — this is ambiguous and may cause incorrect outputs. Prefer to run the flyai CLI manually first to confirm expected outputs and URL fields.
- The skill claims extra capabilities (hotels, trains, visas) that are not shown in the CLI parameters/playbooks. If you need those features, confirm how they are implemented and whether additional permissions or credentials will be requested.
If you proceed, run the flyai CLI commands manually once to validate behavior, check the npm package source, and monitor for created log files and unexpected network activity. If you cannot validate these points, treat the skill as untrusted.
Like a lobster shell, security has layers — review code before you run it.
latest: vk97f9hgs9aw7255dzyjjm6253984hk4d
