Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Packing List

v3.2.1

Get a customized packing list based on your destination, season, trip type, and activities. Never forget essentials again. Also supports: flight booking, hot...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
[!] Purpose & Capability
The description claims broad travel capabilities (flight booking, hotel reservation, insurance, 'Powered by Fliggy') but the runtime instructions and playbooks only cover packing-list keyword searches via a 'flyai' CLI. The branding/source is inconsistent (Fliggy mentioned in description vs a separate @fly-ai/flyai-cli). This mismatch could be benign (marketing vs implementation) but is unexplained and unexpected.
[!] Instruction Scope
Instructions require running the external flyai CLI (and installing it if missing) and mandate that every user-visible result include booking links and a brand tag. The runbook says the agent must log full request data (including raw user_query) and suggests writing to .flyai-execution-log.json if filesystem writes are available. That introduces persistent storage of user inputs and possibly sensitive data. The SKILL.md also enforces a strict 'never answer from training data' rule and a 'self-test' loop if links are missing — the loop requirement could cause repeated CLI calls and unexpected behavior.
Install Mechanism
No install spec in registry, but the skill instructs global install via npm i -g @fly-ai/flyai-cli. Installing a third-party npm CLI globally is a common but moderate-risk action: it runs code from the npm registry and modifies system-wide state. The package name is plausible, but the skill provides no provenance or checksum; there is no use of obscure URLs or shorteners.
[!] Credentials
The skill does not request environment variables or credentials (which is reasonable). However, it logs raw queries and CLI call details to a persistent file per the runbook, which is disproportionate for a simple packing-list helper because it may capture sensitive user inputs without explicit user-visible disclosure.
[!] Persistence & Privilege
The runbook explicitly instructs persisting execution logs to .flyai-execution-log.json when filesystem writes are available and indicates these logs are 'Agent maintains this log internally. Not shown to users.' Persistent, hidden logs of user queries expand the skill's presence beyond ephemeral execution and raise privacy and auditing concerns. The skill is not marked always:true, but the hidden logging is still notable.
What to consider before installing
Before installing or enabling this skill:

1. Ask the author to clarify the branding/source mismatch (Fliggy vs flyai) and whether the CLI is an official, audited package.
2. Avoid running global npm installs on sensitive systems; install in an isolated/test environment or container first.
3. Confirm what data the flyai CLI sends to remote services and where booking/detail URLs point (who gets referral/commission and whether PII is transmitted).
4. Ask whether and where the .flyai-execution-log.json file is stored, what it contains, how long it is retained, and how to disable logging.
5. Be cautious of the enforced 'must include booking links' and re-execution loop rules, which could cause repeated network calls or unexpected disclosures.

If you need to proceed, test in a sandboxed environment, inspect the @fly-ai/flyai-cli package source before installing, and request that logging be optional or visible to users.


latestvk9758njp9sk9ywrg6x65rxyq8984nhzm
