Skill v3.2.1

ClawScan security

Pet Hotel · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 11, 2026, 1:39 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions broadly match a hotel-search purpose but contain inconsistencies and privacy/installation risks (global npm install of an unverified CLI, undisclosed on-disk logging, and a mismatched 'Fliggy' claim) that you should review before installing or enabling.
Guidance
Before installing or enabling this skill:
1) Verify the publisher and the @fly-ai/flyai-cli npm package (check the npm page, repository, and maintainer) rather than blindly running `npm i -g`.
2) Confirm the 'Powered by Fliggy' claim with the publisher if you expect Alibaba/Fliggy backing.
3) Be aware the runbook will persist logs to .flyai-execution-log.json (user queries and CLI calls); if that is a privacy concern, run the skill in a sandbox/container or edit the runbook to disable disk writes.
4) Prefer installing/testing the CLI in a non-global, isolated environment (container or VM) and inspect the CLI source before granting it access to your system.
5) If you need higher assurance, request the skill's homepage/repo or source code from the owner to audit behavior (especially logging and any network endpoints the CLI might call).

Review Dimensions

Purpose & Capability
note: The skill's stated purpose (pet-friendly hotel search) aligns with the CLI-centric playbooks that call `flyai search-hotel`. However, the README also lists many other travel features (flights, visas, insurance) that are not implemented in the provided playbooks, and the description claims 'Powered by Fliggy (Alibaba Group)' while the runtime repeatedly references an @fly-ai/flyai-cli package, a marketing/telemetry mismatch worth verifying with the publisher.
Instruction Scope
concern: SKILL.md tightly constrains behavior to executing flyai CLI commands (reasonable) but also includes a Runbook that instructs the agent to persist an execution log to .flyai-execution-log.json (`echo '{...}' >> .flyai-execution-log.json`). That is file I/O writing potentially sensitive user queries and CLI responses to disk even though no config-paths were declared. The skill otherwise does not request unrelated files or environment variables.
Install Mechanism
note: There is no formal install spec in registry metadata; installation is only in SKILL.md and instructs running `npm i -g @fly-ai/flyai-cli`. Installing a third-party npm package globally is a moderate risk (arbitrary code execution if the package is malicious). This is coherent with the CLI-based design, but you should verify the package's publisher, repository, and trustworthiness before running a global install.
Credentials
note: The skill requests no environment variables or credentials (good). However, the runbook logs will capture user queries and CLI commands/results; storing that data locally (possibly including PII) is a privacy concern even though no external credentials are requested.
Persistence & Privilege
concern: always:false (normal), but the runbook explicitly tells the agent to append logs to .flyai-execution-log.json if file writes are available. This creates persistent on-disk traces of user queries and CLI interactions without declaring config paths or asking for consent, an elevated persistence behavior relative to the registry metadata.