Low Risk — Risk Score 10/100
Last scan: 1 day ago
flyai-multi-airport-radar
同城不同价·多机场比价雷达 — multi-airport flight price comparison radar for Fliggy (飞猪) travel platform
Entirely documentation-based skill with no executable scripts; declared shell usage via npm-installed CLI is legitimate travel tool behavior, but TLS verification bypass is a minor concern.
Skill Name: flyai-multi-airport-radar
Duration: 35.2s
Engine: pi
Safe to install
Approve with caveats: verify the @fly-ai/flyai-cli npm package integrity before use, and consider removing NODE_TLS_REJECT_UNAUTHORIZED=0 in production environments.

Findings 2 items

Severity / Finding / Location

Low: NODE_TLS_REJECT_UNAUTHORIZED=0 disables TLS certificate verification (Sensitive Access)
  workflow.md instructs the AI to set NODE_TLS_REJECT_UNAUTHORIZED=0 before calling the flyai CLI, which disables SSL/TLS certificate validation for every outbound HTTPS connection made by that Node.js process. This exposes the user to man-in-the-middle attacks and is generally considered insecure practice in production environments.
  Evidence: NODE_TLS_REJECT_UNAUTHORIZED=0 flyai search-flight
  Recommendation: Remove NODE_TLS_REJECT_UNAUTHORIZED=0 unless communicating exclusively with known internal APIs. If TLS inspection or a proxy is the reason, document it clearly and restrict it to specific hosts.
  Location: reference/workflow.md:46

Low: SKILL.md frontmatter does not declare shell:WRITE permission (Doc Mismatch)
  The SKILL.md frontmatter contains only name and description and no 'allowedTools' declaration. The skill's actual behavior involves shell execution via Bash (npm install, flyai CLI), but this is only discoverable by reading reference/workflow.md.
  Evidence:
    name: flyai-multi-airport-radar
    description: 同城不同价·多机场比价雷达...
  Recommendation: Add allowedTools to the SKILL.md frontmatter: Bash (shell:WRITE) should be declared, since the skill runs npm install and CLI commands.
  Location: SKILL.md:1
Resource     | Declared | Inferred | Status    | Evidence
Shell        | WRITE    | WRITE    | ✓ Aligned | workflow.md: npm install + flyai CLI invocations
Filesystem   | READ     | READ     | ✓ Aligned | user-profile-storage.md: read ~/.flyai/user-profile.md
Network      | READ     | READ     | ✓ Aligned | tools.md: flyai CLI calls Fliggy API
Environment  | NONE     | READ     | ✓ Aligned | workflow.md: NODE_TLS_REJECT_UNAUTHORIZED=0 env var set inline
Skill Invoke | NONE     | READ     | ✓ Aligned | advanced.md: cross-skill invocation references
Clipboard    | NONE     | NONE     | N/A       |
Browser      | NONE     | NONE     | N/A       |
Database     | NONE     | NONE     | N/A       |
External URLs: 9 findings

Severity | Type         | URL                               | Location
Medium   | External URL | https://a.feizhu.com/xxxxx        | SKILL.md:76
Medium   | External URL | https://a.feizhu.com/hotel/xxxxx  | SKILL.md:77
Medium   | External URL | https://a.feizhu.com/poi/xxxxx    | SKILL.md:78
Medium   | External URL | https://a.feizhu.com/yyyyy        | reference/examples.md:55
Medium   | External URL | https://a.feizhu.com/zzzzz        | reference/examples.md:61
Medium   | External URL | https://img.alicdn.com/...        | reference/search-hotel.md:44
Medium   | External URL | https://img.alicdn.com/tfscom/... | reference/search-poi.md:32
Medium   | External URL | https://nodejs.org/               | reference/workflow.md:19
Medium   | External URL | https://registry.npmmirror.com    | reference/workflow.md:21

File Tree

16 files · 38.8 KB · 1179 lines
Markdown 16f · 1179L
├─ 📁 reference
│ ├─ 📝 advanced.md Markdown 21L · 682 B
│ ├─ 📝 ai-search.md Markdown 26L · 659 B
│ ├─ 📝 error-handling.md Markdown 11L · 401 B
│ ├─ 📝 examples.md Markdown 82L · 3.4 KB
│ ├─ 📝 keyword-search.md Markdown 53L · 1.6 KB
│ ├─ 📝 search-flight.md Markdown 87L · 3.0 KB
│ ├─ 📝 search-hotel.md Markdown 57L · 1.8 KB
│ ├─ 📝 search-marriott-hotel.md Markdown 54L · 1.8 KB
│ ├─ 📝 search-marriott-package.md Markdown 40L · 995 B
│ ├─ 📝 search-poi.md Markdown 47L · 2.2 KB
│ ├─ 📝 search-train.md Markdown 77L · 2.6 KB
│ ├─ 📝 self-learning.md Markdown 19L · 450 B
│ ├─ 📝 tools.md Markdown 34L · 782 B
│ ├─ 📝 user-profile-storage.md Markdown 187L · 4.1 KB
│ └─ 📝 workflow.md Markdown 264L · 10.4 KB
└─ 📝 SKILL.md Markdown 120L · 4.2 KB

Dependencies 2 items

Package                 | Version | Source | Known Vulns | Notes
@fly-ai/flyai-cli       | latest  | npm    | No          | Version not pinned, latest tag used; package should be verified before deployment
@anthropic-ai/flyai-cli | latest  | npm    | No          | Referenced in tools.md but not used in workflow; version not pinned

Security Positives

✓ Entirely markdown-based skill — no executable scripts, no code to audit for backdoors
✓ All functionality comprehensively documented across 15 reference files
✓ No credential harvesting, key exfiltration, or credential enumeration observed
✓ No base64, eval(), or obfuscated code present anywhere
✓ No access to sensitive paths (~/.ssh, ~/.aws, .env, credentials stores)
✓ No reverse shell, C2 communication, or data exfiltration channels detected
✓ No supply-chain risk — uses npm with @latest tag (could be pinned but not malicious)
✓ Filesystem access is minimal and scoped to ~/.flyai/user-profile.md
✓ Memory system uses declared search_memory/update_memory tools, no secret data collection