FlyAI — Travel, Flight & Hotel Search and Booking

Security checks across malware telemetry and agentic risk

Overview

FlyAI is a coherent travel-search integration, but users should notice that it installs an external npm CLI, may use an optional API key, and sends travel queries to an external Fliggy/FlyAI service.

This appears reasonable for travel search. Before installing, verify the npm package source, understand that travel queries may be sent to FlyAI/Fliggy, and only configure an API key if you trust the provider.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing the CLI gives external package code a place on the user's system as a globally available command.

Why it was flagged

The skill depends on installing an external global npm CLI package. This is disclosed and central to the travel-search purpose, but users should verify the package source before installing.

Skill content

Install CLI: `npm i -g @fly-ai/flyai-cli`

Recommendation

Install only if you trust the FlyAI npm package and its publisher, and verify the package source through a trusted package manager or source-verification process.

ASI03: Identity and Privilege Abuse
Low
What this means

If configured, the CLI may store and use a FlyAI API key to access enhanced service results.

Why it was flagged

The artifact discloses an optional API key used for enhanced results. This is expected for a provider integration, but the key is a sensitive credential.

Skill content

For enhanced results, configure optional APIs:

```
flyai config set FLYAI_API_KEY "your-key"
```

Recommendation

Use a dedicated key with the minimum needed scope if available, avoid sharing it in chat, and rotate it if you suspect exposure.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Travel plans and search preferences may be sent to FlyAI/Fliggy services to retrieve results.

Why it was flagged

The skill clearly states that it uses an external MCP/provider service. Travel searches may include destinations, dates, budgets, and preferences, so users should be aware that those query details can leave the local chat context.

Skill content

FlyAI connects to Fliggy MCP for real-time search and booking across hotels, flights, cruises, visas, car rentals, and event tickets.

Recommendation

Avoid including unnecessary sensitive personal, payment, passport, or account details in search queries unless you intend to share them with the provider.