Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Onsen Hotel

v3.2.1

Book hotels with genuine hot spring baths — natural onsen pools, private hot spring rooms, and Japanese-style ryokan experiences. Also supports: flight booki...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
The skill's purpose (finding and booking onsen hotels) aligns with the CLI commands it mandates (flyai search-hotel / search-poi). It does not request unrelated credentials or binaries. Note: the skill relies entirely on the third-party flyai CLI (npm package @fly-ai/flyai-cli) for data and does not declare how authentication is handled (likely via the CLI), so users should expect interactive auth or locally-stored credentials.
Instruction Scope
All runtime instructions stay within the booking domain and require running specific flyai CLI commands; they explicitly forbid answering from training data. The runbook instructs the agent to persist an execution log (.flyai-execution-log.json) if filesystem writes are available. This log may include user queries and CLI results — a privacy consideration but not out of scope for the skill.
Install Mechanism
There is no packaged install spec in the registry, but the SKILL.md requires installing an npm package globally (npm i -g @fly-ai/flyai-cli). Installing a third-party npm CLI is a reasonable approach for a CLI-driven skill, but it is moderate risk compared to instruction-only skills because the external package's behavior and trustworthiness matter.
Credentials
The skill declares no environment variables or credentials, which is consistent with delegating auth to the flyai CLI. There are no requests for unrelated secrets or system config. Be aware the CLI itself may prompt for or store credentials locally; that behavior is external to the skill.
Persistence & Privilege
The skill does not request elevated privileges or 'always' presence. It does instruct writing an execution log to the working directory if possible; writing its own log is reasonable but may persist user queries/outputs without explicit per-request consent. This is a privacy/retention concern rather than a capability mismatch.
Scan Findings in Context
[no_code_files_to_scan] expected: The regex-based scanner had no code files to analyze; this is expected because the skill is instruction-only (SKILL.md and reference docs). Absence of findings does not guarantee safety — the runtime depends on an external npm CLI.
Assessment
This skill is coherent for booking onsen hotels but relies on a third-party npm CLI (@fly-ai/flyai-cli) and may write an execution log to your working directory. Before installing or running: (1) verify the npm package source and reputation (npm/GitHub) and prefer installing in an isolated environment if unsure; (2) be prepared for the CLI to prompt for authentication or store credentials locally; (3) know that the skill may persist .flyai-execution-log.json containing queries and results — inspect or disable this behavior if you don't want local logs; (4) confirm booking links are the detailUrl returned by the CLI as required. If any of these are unacceptable, do not install/run the CLI or run it in a sandbox/container.
