Skill v3.2.0
ClawScan security
Test · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Apr 11, 2026, 3:51 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (private car booking) aligns with using a vendor CLI, but the instructions ask the agent to install and run an external npm CLI without declaring credentials or providing referenced local docs; this mismatch and the runtime install instruction are concerning.
- Guidance: Proceed with caution. The skill asks the agent to install and run @fly-ai/flyai-cli from npm at runtime but provides no homepage, source repository, or information about how the CLI authenticates or which accounts/payment methods it will use. Before installing or using this skill you should:
  1) Ask the publisher for the package's homepage or GitHub repo and a checksum/signature so you can inspect the code;
  2) Confirm how flyai-cli authenticates (does it require API keys, OAuth, or interactive login?) and which credentials it will access;
  3) Prefer installing and testing the CLI manually in an isolated/sandbox environment (not on production) and review what network endpoints it contacts;
  4) Request the missing reference files (references/*.md) or a full runbook so you know exactly what the skill will do;
  5) If you cannot verify the package provenance, do not run the npm install globally on machines with sensitive data; consider running in a disposable container or VM instead.
  These gaps make the skill suspicious rather than clearly benign.
Review Dimensions
- Purpose & Capability (note): The skill claims to book private cars (and related travel services) and its runtime instructions consistently use a vendor CLI (flyai/flyai-cli), so the capability requested (calling a booking CLI) is plausible. However the SKILL.md references many supporting files (references/*.md) that are not included, and the metadata declares no homepage or source, reducing transparency. Also the description lists many additional services (flights, hotels, visas) beyond the 'private car' name; this expanded scope is plausible but not documented in the skill metadata or credential requirements.
- Instruction Scope (concern): The SKILL.md explicitly instructs the agent to install and run an external npm package (npm i -g @fly-ai/flyai-cli) and to only answer from that CLI's output. It also references local reference files (references/templates.md, playbooks.md, fallbacks.md, runbook.md) that are not included in the skill bundle. The document enforces re-execution until outputs contain specific links, which could cause repeated installs/CLI calls. The instructions do not explain authentication for the CLI or how booking confirmations are authorized.
- Install Mechanism (concern): There is no declared install spec in the registry metadata, yet the runtime instructions require running a global npm install (npm i -g @fly-ai/flyai-cli). Installing a global npm package at runtime downloads and executes code from the npm registry (moderate risk). The SKILL.md does not provide a package homepage, checksum, or verification guidance.
- Credentials (note): The skill declares no required environment variables or credentials, but performing live bookings via a CLI typically requires authentication (API key, account login) and possibly payment credentials. The absence of any declared auth requirements is a mismatch: either the CLI uses locally-stored credentials (not documented) or the skill assumes the host already has an authenticated flyai CLI. This lack of clarity increases risk and operational ambiguity.
- Persistence & Privilege (ok): The skill is not marked always:true and does not request persistent system-wide privileges in the metadata. It does require installing a global npm package when run (per SKILL.md), which modifies the environment, but the skill does not declare modifications to other skills or system config. Autonomous invocation is allowed (platform default) but not by itself a new concern here.
