Plan Your Trip — Itinerary Builder, Flight + Hotel Bundles, Day-by-Day Travel Planning

What to consider before installing/using this skill: - The skill requires installing a third-party CLI package at runtime (npm i -g @fly-ai/flyai-cli). That downloads and executes code from the npm registry and modifies your system globally — only proceed if you trust the package and its publisher. Prefer manually installing and inspecting the package first. - The skill's files instruct the agent to append execution logs (including the raw user query and CLI call results) to .flyai-execution-log.json if filesystem writes are available. That log can contain personal data (destinations, dates, names). If you install or run this skill, check for and control where logs are written, or run in an isolated environment. - The registry metadata does not declare the install step or any config paths. Ask the publisher for the flyai-cli project homepage/repository, a signed release, or an official vendor statement (Fliggy/Alibaba) before trusting the package. - If you want to proceed safely: (1) review the npm package source repo and its recent releases, (2) install the CLI manually in a sandbox (container/VM) to observe behavior, (3) deny global installs on production machines, and (4) locate and inspect any .flyai-execution-log.json files and remove or secure them if they contain sensitive data. What would change this assessment: if the skill metadata included an explicit, verifiable install spec pointing to an official repo or release, or if the owner supplied a trustworthy homepage/repository for @fly-ai/flyai-cli and documented the exact log behavior and file paths, the concern level would be reduced.