Trusted: risk score 5/100
Last scanned: 1 day ago
fly-flight
China domestic flight and high-speed rail transport lookup skill via public web sources and 12306 official endpoints
A legitimate China domestic transport query skill (flights + trains) that makes documented HTTP requests to public endpoints with no malicious behavior, credential access, or data exfiltration.
Skill name: fly-flight
Analysis time: 41.6s
Engine: pi
Verdict: safe to install
No blocking action needed. The skill is safe for deployment.

Security findings: 2

Severity | Finding | Location
Low
Node.js invocation not explicitly called out in SKILL.md (documentation mismatch)
SKILL.md declares 'node' as a runtime dependency but does not explicitly document that flight mode spawns a 'node extract_tongcheng_state.js' subprocess. The dependency is listed and the tool is well known, so this is a minor documentation gap with no security impact. The quoted call has the right shape: argv is a list (no shell) and the fetched HTML is passed on stdin rather than in the command line. Note that it sets no timeout and uses check=False, so the caller is responsible for a hung node process and for inspecting returncode.
subprocess.run(['node', str(script_path)], input=html, capture_output=True, text=True, check=False)
→ Consider adding a brief note in SKILL.md: 'Flight mode internally invokes a node script for HTML extraction'.
scripts/providers/flight_public_service.py:63
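The following is an added example, not code from the fly-flight skill: a wrapper around the subprocess call quoted above that pins the extractor to a path inside the skill directory, keeps the HTML on stdin, and adds the timeout and exit-status check the quoted call lacks. The relative script location (scripts/extract_tongcheng_state.js) is taken from the directory tree in this report; the function names and the skill-directory argument are this example's own.

```python
import subprocess
from pathlib import Path

# Assumed layout (matches the tree in this report): the extractor lives at
# <skill_dir>/scripts/extract_tongcheng_state.js.
EXTRACTOR_REL = "scripts/extract_tongcheng_state.js"


def node_extractor_argv(skill_dir, script_rel=EXTRACTOR_REL):
    """Return argv for the node extractor, refusing any script outside skill_dir.

    The path is resolved (symlinks and '..' collapsed) and must sit under the
    resolved skill directory, so neither a traversal string nor a symlinked
    script can redirect execution to a file the skill does not ship.
    """
    skill_root = Path(skill_dir).resolve()
    script = (skill_root / script_rel).resolve()
    if skill_root not in script.parents:
        raise ValueError(f"extractor {script} is outside skill directory {skill_root}")
    return ["node", str(script)]  # a list, never a shell string


def extractor_is_contained(skill_dir, script_rel):
    """True if node_extractor_argv would accept this script path."""
    try:
        node_extractor_argv(skill_dir, script_rel)
        return True
    except ValueError:
        return False


def run_extractor(html, skill_dir, timeout=15.0):
    """Feed HTML to the extractor on stdin and return its stdout.

    Differences from the call quoted in the finding: an explicit timeout so a
    hung node process cannot block the flight query indefinitely, and a check on
    the exit status so failures are surfaced instead of returning empty output.
    """
    proc = subprocess.run(
        node_extractor_argv(skill_dir),
        input=html,            # untrusted HTML goes over stdin, never into argv
        capture_output=True,
        text=True,
        check=False,
        timeout=timeout,       # raises subprocess.TimeoutExpired and kills the child
    )
    if proc.returncode != 0:
        raise RuntimeError(f"extractor exited {proc.returncode}: {proc.stderr.strip()}")
    return proc.stdout


if __name__ == "__main__":
    # Hypothetical install location; only the argv is built here, nothing is executed.
    print(node_extractor_argv("/opt/skills/fly-flight"))
```

run_extractor needs node on PATH and a real skill checkout; the containment check itself works on paths that do not exist yet, which is what the assertions exercise.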
Low
Local HTTP server binds to loopback by default (sensitive access)
The serve command defaults to --host 127.0.0.1 and the transport_service.py server binds to that address, which is appropriate for local use. The default is only a default: a user who passes a non-loopback --host exposes the query server to the network.
DEFAULT_HOST = '127.0.0.1'
→ No action needed while the loopback default is kept.
scripts/transport_service.py:24
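An added example, not the skill's transport_service.py: a guard for the serve command that accepts the loopback default and refuses a routable bind address unless the operator explicitly opts in. The DEFAULT_HOST value comes from the finding above; the function names and the allow_remote switch are this example's own.

```python
import ipaddress
import socket

DEFAULT_HOST = "127.0.0.1"  # same default this report shows at transport_service.py:24


def resolve_bind_host(host=DEFAULT_HOST, allow_remote=False):
    """Return the address to bind, refusing non-loopback addresses unless allowed.

    'localhost' is mapped to 127.0.0.1 explicitly rather than resolved, so a
    hosts-file entry cannot quietly turn it into a routable address.
    """
    if host == "localhost":
        return "127.0.0.1"
    addr = ipaddress.ip_address(host)  # ValueError for anything that is not an IP literal
    if addr.is_loopback or allow_remote:
        return host
    raise ValueError(
        f"refusing to bind {host}: not a loopback address "
        "(pass allow_remote=True to expose the server deliberately)"
    )


def bind_is_exposed(host):
    """True when binding to host would accept connections from other machines."""
    if host == "localhost":
        return False
    try:
        return not ipaddress.ip_address(host).is_loopback
    except ValueError:
        return True  # an unresolved hostname may map anywhere; treat as exposed


def bind_probe(host=DEFAULT_HOST):
    """Bind an ephemeral port on the vetted address and return (addr, port)."""
    target = resolve_bind_host(host)
    family = socket.AF_INET6 if ":" in target else socket.AF_INET
    with socket.socket(family, socket.SOCK_STREAM) as s:
        s.bind((target, 0))
        return s.getsockname()[:2]


if __name__ == "__main__":
    print("loopback bind:", bind_probe())
    for candidate in ("127.0.0.1", "::1", "0.0.0.0", "::", "10.0.0.5"):
        print(f"{candidate:10} exposed={bind_is_exposed(candidate)}")
```

Wiring resolve_bind_host into the --host option means 0.0.0.0 or :: fails fast with a message instead of silently opening the server, while the 127.0.0.1 default keeps working unchanged.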
Resource | Declared | Inferred | Status | Evidence
Network access | READ | READ | ✓ consistent | flight_public_service.py:74-76 fetches ly.com; train_public_service.py:45-47 fet…
Filesystem | READ | READ | ✓ consistent | flight_public_service.py:18 reads local JSON data files; sample state files read…
Command execution | NONE | READ | ⚠ mismatch (declared NONE, inferred READ) | flight_public_service.py:63-68 invokes 'node extract_tongcheng_state.js' — node …
Environment variables | NONE | NONE | – | No os.environ access found anywhere
Clipboard | NONE | NONE | – | Not used
Browser | NONE | NONE | – | Not used
Database | NONE | NONE | – | Not used
Skill invocation | NONE | NONE | – | No skill-invocation or inter-skill calls found
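An added example, not part of the scanner or the skill: the declared-versus-inferred comparison a reviewer would run over the table above. Privilege levels are ordered, and an inferred level above the declared one is reported as an escalation regardless of the status column. The table contents are transcribed from this report; the level ordering and function names are assumptions of this example.

```python
# Ordered privilege levels; a higher inferred level than declared is an
# escalation the reviewer should see, whatever status the scanner printed.
LEVEL = {"NONE": 0, "READ": 1, "WRITE": 2}

# Constructed from the permission table in this report: resource -> (declared, inferred).
FLY_FLIGHT_PERMISSIONS = {
    "network": ("READ", "READ"),
    "filesystem": ("READ", "READ"),
    "command_execution": ("NONE", "READ"),
    "environment": ("NONE", "NONE"),
    "clipboard": ("NONE", "NONE"),
    "browser": ("NONE", "NONE"),
    "database": ("NONE", "NONE"),
    "skill_invocation": ("NONE", "NONE"),
}


def permission_status(declared, inferred):
    """'consistent', 'escalation' (code does more than declared) or 'over-declared'."""
    d, i = LEVEL[declared.upper()], LEVEL[inferred.upper()]
    if i > d:
        return "escalation"
    if i < d:
        return "over-declared"
    return "consistent"


def audit_permissions(perms):
    """Map each resource name to its status string."""
    return {name: permission_status(*pair) for name, pair in perms.items()}


def escalations(perms):
    """Resources whose inferred behaviour exceeds the manifest, sorted by name."""
    return sorted(
        name for name, status in audit_permissions(perms).items() if status == "escalation"
    )


if __name__ == "__main__":
    for name, status in audit_permissions(FLY_FLIGHT_PERMISSIONS).items():
        print(f"{name:18} {status}")
    print("escalations:", escalations(FLY_FLIGHT_PERMISSIONS))
```

Run against the table as transcribed, the only escalation is command_execution: the manifest declares no command execution while the code spawns node. That is the gap the first finding describes as a documentation issue, and a manifest that declares READ for command execution would close it.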
External URL findings: 8
Severity | Type | URL | Location
Medium | External URL | https://www.ly.com/flights/ | README.md:78
Medium | External URL | https://kyfw.12306.cn/ | README.md:83
Medium | External URL | https://www.ly.com/flights/itinerary/oneway/ | references/provider-public-web.md:6
Medium | External URL | https://www.ly.com/flights/itinerary/oneway/BJS-SHA?date=2026-03-20 | references/provider-public-web.md:7
Medium | External URL | https://kyfw.12306.cn/otn/resources/js/framework/station_name.js?station_version=1.9367 | scripts/providers/train_public_service.py:20
Medium | External URL | https://kyfw.12306.cn/otn/leftTicket/queryG | scripts/providers/train_public_service.py:21
Medium | External URL | https://kyfw.12306.cn/otn/leftTicket/init?linktypeid=dc | scripts/providers/train_public_service.py:22
Medium | External URL | https://kyfw.12306.cn/otn/leftTicketPrice/queryAllPublicPrice | scripts/providers/train_public_service.py:23
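An added example, not the scanner's or the skill's code: an egress allowlist check that turns the generic "external URL" findings above into a pass/fail against the two hosts the skill documents. The URL list is transcribed from this report and the allowlist is this example's assumption; exact host matching is used deliberately so lookalike subdomains do not pass.

```python
from urllib.parse import urlsplit

# Assumed allowlist: the hosts SKILL.md/README.md document as query endpoints, per this report.
ALLOWED_HOSTS = frozenset({"www.ly.com", "kyfw.12306.cn"})

# Constructed from the eight external-URL findings above.
FOUND_URLS = [
    "https://www.ly.com/flights/",
    "https://kyfw.12306.cn/",
    "https://www.ly.com/flights/itinerary/oneway/",
    "https://www.ly.com/flights/itinerary/oneway/BJS-SHA?date=2026-03-20",
    "https://kyfw.12306.cn/otn/resources/js/framework/station_name.js?station_version=1.9367",
    "https://kyfw.12306.cn/otn/leftTicket/queryG",
    "https://kyfw.12306.cn/otn/leftTicket/init?linktypeid=dc",
    "https://kyfw.12306.cn/otn/leftTicketPrice/queryAllPublicPrice",
]


def check_url(url, allowed_hosts=ALLOWED_HOSTS):
    """Return a list of problems with an outbound URL (empty list means acceptable).

    Host matching is exact, so kyfw.12306.cn.evil.example does not pass, plain
    http is rejected, and credentials embedded in the URL are flagged outright.
    """
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "https":
        problems.append(f"scheme {parts.scheme or '(none)'} is not https")
    host = parts.hostname or ""  # urlsplit lower-cases the host for us
    if host not in allowed_hosts:
        problems.append(f"host {host!r} is not allowlisted")
    if parts.username is not None or parts.password is not None:
        problems.append("embedded credentials")
    return problems


def disallowed(urls, allowed_hosts=ALLOWED_HOSTS):
    """Map each failing URL to its problems; an empty dict means every URL is acceptable."""
    return {u: p for u in urls if (p := check_url(u, allowed_hosts))}


if __name__ == "__main__":
    bad = disallowed(FOUND_URLS)
    print("all destinations allowlisted" if not bad else bad)
```

Every URL the scan lists passes, which is the concrete basis for the "all network destinations are documented" highlight; a new endpoint added to the code without a matching allowlist entry would show up in disallowed() on the next review.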

Directory structure

17 files · 70.4 KB · 2063 lines
Python 6 files · 1275 lines | JSON 6 files · 378 lines | Markdown 3 files · 377 lines | JavaScript 1 file · 29 lines | YAML 1 file · 4 lines
├─ 📁 agents
│ └─ 📋 openai.yaml YAML 4L · 328 B
├─ 📁 assets
│ ├─ 📁 data
│ │ ├─ 📋 airport_aliases.json JSON 74L · 2.0 KB
│ │ └─ 📋 domestic_city_codes.json JSON 160L · 3.4 KB
│ ├─ 📋 sample-provider-response.json JSON 45L · 1.2 KB
│ ├─ 📋 sample-public-state.json JSON 45L · 1.3 KB
│ ├─ 📋 sample-train-price.json JSON 38L · 970 B
│ └─ 📋 sample-train-query.json JSON 16L · 513 B
├─ 📁 references
│ └─ 📝 provider-public-web.md Markdown 22L · 829 B
├─ 📁 scripts
│ ├─ 📁 providers
│ │ ├─ 🐍 __init__.py Python 1L · 62 B
│ │ ├─ 🐍 flight_public_service.py Python 353L · 12.1 KB
│ │ └─ 🐍 train_public_service.py Python 503L · 17.1 KB
│ ├─ 🐍 domestic_flight_public_service.py Python 96L · 4.3 KB
│ ├─ 📜 extract_tongcheng_state.js JavaScript 29L · 721 B
│ ├─ 🐍 test_domestic_flight_public_service.py Python 128L · 3.5 KB
│ └─ 🐍 transport_service.py Python 194L · 9.7 KB
├─ 📝 README.md Markdown 249L · 7.8 KB
└─ 📝 SKILL.md Markdown 106L · 4.7 KB

Security highlights

✓ No credential harvesting — no access to ~/.ssh, ~/.aws, .env, or os.environ
✓ No data exfiltration — all network calls are to documented, legitimate transport query endpoints (ly.com, 12306.cn)
✓ No obfuscation — no base64, eval(), or dynamic code generation found
✓ No reverse shell, C2, or persistence mechanisms
✓ No third-party package dependencies declared; the only runtime requirements are the python3 and node interpreters
✓ All network destinations are explicitly documented in SKILL.md and README.md
✓ Sample data files are used only as test fixtures, not loaded dynamically from untrusted sources
✓ SSL context is properly configured for 12306 HTTPS calls
✓ No arbitrary file writes — filesystem access is read-only (loading local JSON data files)
✓ The node subprocess executes a fixed script path within the skill directory, not arbitrary user input