Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Night Market Guide

v3.2.0

Find night markets, food streets, and local culinary hotspots. Discover street food, local specialties, and the best evening food experiences. Also supports:...

0· 40·0 current·0 all-time
Security Scan
Capability signals
Crypto: Can make purchases
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The declared purpose (find night markets / food streets) aligns with the CLI commands shown (flyai search-poi). However the description also claims many extra travel features (flight booking, hotels, travel insurance, 'powered by Fliggy') that are not supported or justified by the SKILL.md commands or by any declared credentials. The extra capabilities are disproportionate to the visible instructions.
Instruction Scope
The SKILL.md requires that every answer come from the flyai CLI output and instructs the agent to install and run `npm i -g @fly-ai/flyai-cli` if the CLI is missing. It also references several local doc files (references/*.md) that are not present in the skill manifest. Combined with the strict re-execution/self-test rules (every answer must carry a [Book]({detailUrl}) link, and any deviation triggers a re-run), the missing files could force repeated installs or external calls, or create an execution loop. The rule 'NEVER answer from training data' leaves the agent no fallback, so a failure is likely to turn into repeated network activity rather than a graceful stop.
Install Mechanism
Although the registry metadata has no formal install spec, the runtime instructions require a global npm install of @fly-ai/flyai-cli. Installing an unvetted global npm package is potentially high-impact (writes to disk, installs binaries that will be invoked). The SKILL.md provides no pinned version, no source verification, and no alternative validated install path, which is disproportionate for a simple lookup skill.
Credentials
The skill declares no required environment variables or credentials, which is good. However it advertises booking and Fliggy-powered capabilities that normally require API credentials, yet no credential fields or instructions for authentication are declared. The flyai CLI itself may prompt for or require credentials at runtime — this is not surfaced in the manifest and could lead to unexpected credential entry.
Persistence & Privilege
The skill is not always-on and does not request elevated platform privileges. That said, its instructions involve installing a global CLI binary (npm i -g), which persists on the host outside the agent sandbox; this persistence is not declared in the registry install spec and is worth noting though it is not a direct skill-level permission request.
What to consider before installing
Key things to consider before installing:
1) The SKILL.md requires you to globally install and run @fly-ai/flyai-cli from npm at runtime. Verify that package on the npm registry (author, weekly downloads, source repository, maintainers, and recent releases) before allowing installation, or run the CLI in a sandbox.
2) The skill advertises booking/Fliggy capabilities but declares no credentials. Expect that the CLI may later prompt for API keys or account logins; do not provide secrets until you have verified the provider.
3) The skill references local docs that are not included, and enforces strict re-run/self-test behavior that could cause repeated network calls or installs. Consider rejecting or sandboxing the install if you do not want external network activity.
4) If you still want to use it, test the flyai CLI manually in an isolated environment and inspect its code before granting the agent permission to execute global installs or network calls.
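The registry checks in point 1) and the missing version pin noted under Install Mechanism, worked as an added example. This is not the ClawHub scanner's code and not the skill's or the flyai CLI's own code. It reads the record that `npm view <pkg> --json` prints (the field names dist-tags, maintainers, repository, time, scripts and dist.integrity are the real npm registry fields), flags the signals the scan asks you to check, and emits a pinned, script-free install command in place of the bare `npm i -g`. The thresholds (fewer than two maintainers, a release under 30 days old) are my own choices, and SAMPLE_META is constructed for illustration, not the real registry entry for @fly-ai/flyai-cli.

```python
"""Vet an npm package before an agent may run `npm i -g` on it.

Added example, not the ClawHub scanner's code nor the skill's own. It reads the
registry record that `npm view <pkg> --json` prints and reports the signals the
scan asks you to check (maintainers, source repository, release recency,
install-time scripts), then emits a pinned, script-free install command.
The package name is the one the SKILL.md installs; SAMPLE_META is constructed.
"""
import json
import subprocess
from datetime import datetime, timedelta, timezone
from typing import Optional

# npm runs these automatically during `npm install`: code executes on the host
# at install time, before the CLI is ever invoked.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")


def fetch_metadata(package: str) -> dict:
    """Live lookup via `npm view` (needs network). Not used by the offline sample."""
    proc = subprocess.run(["npm", "view", package, "--json"],
                          check=True, capture_output=True, text=True)
    return json.loads(proc.stdout)


def _iso(ts: str) -> datetime:
    # npm timestamps look like 2025-01-10T00:00:00.000Z
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def assess(meta: dict, now_iso: Optional[str] = None, young_days: int = 30) -> dict:
    """Return risk findings and a pinned install command for an `npm view --json` record."""
    now = _iso(now_iso) if now_iso else datetime.now(timezone.utc)
    findings = []

    version = (meta.get("dist-tags") or {}).get("latest") or meta.get("version")
    if not version:
        findings.append("no 'latest' dist-tag or version field: nothing to pin to")

    maintainers = meta.get("maintainers") or []
    if len(maintainers) < 2:
        findings.append(f"{len(maintainers)} maintainer(s): one compromised npm account controls releases")

    repo = meta.get("repository") or {}
    repo_url = repo.get("url") if isinstance(repo, dict) else repo
    if not repo_url:
        findings.append("no repository URL: published tarball cannot be compared with source")

    published = (meta.get("time") or {}).get(version) if version else None
    if published:
        age = now - _iso(published)
        if age < timedelta(days=young_days):
            findings.append(f"latest {version} published {age.days} day(s) ago: no track record")
    else:
        findings.append("no publish timestamp for the latest version")

    hooks = [h for h in INSTALL_HOOKS if h in (meta.get("scripts") or {})]
    if hooks:
        findings.append(f"install-time scripts ({', '.join(hooks)}): install only with --ignore-scripts")

    integrity = (meta.get("dist") or {}).get("integrity")
    if not integrity:
        findings.append("no dist.integrity: tarball cannot be verified")

    # Pin the exact version and block lifecycle scripts instead of the bare `npm i -g`.
    install = f"npm install -g --ignore-scripts {meta.get('name')}@{version}" if version else None
    return {"version": version, "integrity": integrity, "findings": findings, "install": install}


# Constructed sample of an `npm view --json` record, NOT the real registry entry.
SAMPLE_META = {
    "name": "@fly-ai/flyai-cli",
    "version": "0.1.3",
    "dist-tags": {"latest": "0.1.3"},
    "maintainers": [{"name": "example-maintainer", "email": "maint@example.invalid"}],
    "repository": {},  # no source repository declared
    "scripts": {"postinstall": "node scripts/setup.js", "test": "jest"},
    "time": {"created": "2025-01-02T00:00:00.000Z", "0.1.3": "2025-01-10T00:00:00.000Z"},
    "dist": {"integrity": "sha512-CONSTRUCTEDPLACEHOLDER=="},
}

if __name__ == "__main__":
    import sys
    # Pass a package name to query the registry; with no argument the constructed sample is used.
    meta = fetch_metadata(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_META
    report = assess(meta)
    for finding in report["findings"]:
        print("WARN", finding)
    print("pinned install:", report["install"])
    print("expected integrity:", report["integrity"])
```

Run it with the package name to query the live registry; record the printed integrity value alongside the pinned version so a later release cannot silently replace what you reviewed. To look at the code before anything is installed, `npm pack @fly-ai/flyai-cli@<version>` downloads just the tarball into the current directory without running its lifecycle scripts. `--ignore-scripts` can break packages that genuinely need a postinstall build step; if the CLI stops working under it, read the script it wanted to run before deciding whether to allow it.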


latest · vk978ae9mseps3ndjy1yv36zqas84m2mv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
