Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Test

v3.2.0

Hire a private car with driver for customized day tours — visit multiple attractions at your own pace without the hassle of public transport. Also supports:...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill claims to book private cars (and related travel services) and its runtime instructions consistently use a vendor CLI (flyai/flyai-cli), so the capability requested (calling a booking CLI) is plausible. However the SKILL.md references many supporting files (references/*.md) that are not included, and the metadata declares no homepage or source — reducing transparency. Also the description lists many additional services (flights, hotels, visas) beyond the 'private car' name; this expanded scope is plausible but not documented in the skill metadata or credential requirements.
! Instruction Scope
The SKILL.md explicitly instructs the agent to install and run an external npm package (npm i -g @fly-ai/flyai-cli) and to only answer from that CLI's output. It also references local reference files (references/templates.md, playbooks.md, fallbacks.md, runbook.md) that are not included in the skill bundle. The document enforces re-execution until outputs contain specific links, which could cause repeated installs/CLI calls. The instructions do not explain authentication for the CLI or how booking confirmations are authorized.
! Install Mechanism
There is no declared install spec in the registry metadata, yet the runtime instructions require running a global npm install (npm i -g @fly-ai/flyai-cli). Installing a global npm package at runtime downloads and executes code from the npm registry (moderate risk). The SKILL.md does not provide a package homepage, checksum, or verification guidance.
Credentials
The skill declares no required environment variables or credentials, but performing live bookings via a CLI typically requires authentication (API key, account login) and possibly payment credentials. The absence of any declared auth requirements is a mismatch: either the CLI uses locally-stored credentials (not documented) or the skill assumes the host already has an authenticated flyai CLI. This lack of clarity increases risk and operational ambiguity.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide privileges in the metadata. It does require installing a global npm package when run (per SKILL.md), which modifies the environment, but the skill does not declare modifications to other skills or system config. Autonomous invocation is allowed (platform default) but is not by itself a new concern here.
What to consider before installing
Proceed with caution. The skill asks the agent to install and run @fly-ai/flyai-cli from npm at runtime but provides no homepage, source repository, or information about how the CLI authenticates or which accounts/payment methods it will use. Before installing or using this skill you should:
1) Ask the publisher for the package's homepage or GitHub repo and a checksum/signature so you can inspect the code;
2) Confirm how flyai-cli authenticates (does it require API keys, OAuth, or interactive login?) and which credentials it will access;
3) Prefer installing and testing the CLI manually in an isolated/sandbox environment (not on production) and review what network endpoints it contacts;
4) Request the missing reference files (references/*.md) or a full runbook so you know exactly what the skill will do;
5) If you cannot verify the package provenance, do not run the npm install globally on machines with sensitive data — consider running in a disposable container or VM instead.
These gaps make the skill suspicious rather than clearly benign.

Like a lobster shell, security has layers — review code before you run it.
