flyai-pilgrimage-tour Security Report — Low Risk | ClawSafe

10 /100

flyai-pilgrimage-tour

影视/综艺/动漫同款打卡·圣地巡礼助手 - Travel planning skill for film/TV/anime filming location pilgrimages

This is a legitimate travel planning skill for film/TV/anime location pilgrimages with no malicious behavior detected.

Skill Nameflyai-pilgrimage-tour

Duration39.1s

Enginepi

✓

Safe to install

This skill is safe to use. The SSL bypass flag and shell commands are documented and standard for CLI tools.

Findings 1 items

Severity	Finding	Location
Low	SSL Certificate Verification Disabled Sensitive Access The skill instructs to use NODE_TLS_REJECT_UNAUTHORIZED=0 to bypass SSL certificate verification. While documented, this is a minor security risk if the flyai service is compromised. `NODE_TLS_REJECT_UNAUTHORIZED=0 flyai keyword-search --query "[作品名称] 取景地"` → This is a common workaround for CLI tools with internal/CNAME-based services. Consider verifying the flyai CLI uses proper certificate validation by default.	`SKILL.md:42`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	~/.flyai/user-profile.md read/write for user preferences only
Shell	`WRITE`	`WRITE`	✓ Aligned	npm install -g @fly-ai/flyai-cli; flyai commands documented
Network	`READ`	`READ`	✓ Aligned	All network access via flyai CLI tool
Environment	`NONE`	`NONE`	—	No environment variable access detected
Skill Invoke	`NONE`	`NONE`	—	No sub-skill invocation
Clipboard	`NONE`	`NONE`	—	No clipboard access
Browser	`NONE`	`NONE`	—	No browser access
Database	`NONE`	`NONE`	—	No database access

4 findings

🔗

Medium External URL 外部 URL

https://nodejs.org/

SKILL.md:55

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com

SKILL.md:57

🔗

Medium External URL 外部 URL

https://img.alicdn.com/...

reference/search-hotel.md:44

🔗

Medium External URL 外部 URL

https://img.alicdn.com/tfscom/...

reference/search-poi.md:32

File Tree

11 files · 30.3 KB · 950 lines

Markdown 11f · 950L

├─ ▾ 📁 reference

│ ├─ 📝 ai-search.md Markdown 26L · 659 B

│ ├─ 📝 examples.md Markdown 23L · 585 B

│ ├─ 📝 keyword-search.md Markdown 53L · 1.6 KB

│ ├─ 📝 search-flight.md Markdown 87L · 3.0 KB

│ ├─ 📝 search-hotel.md Markdown 57L · 1.8 KB

│ ├─ 📝 search-marriott-hotel.md Markdown 54L · 1.8 KB

│ ├─ 📝 search-marriott-package.md Markdown 40L · 995 B

│ ├─ 📝 search-poi.md Markdown 47L · 2.2 KB

│ ├─ 📝 search-train.md Markdown 77L · 2.6 KB

│ └─ 📝 user-profile-storage.md Markdown 187L · 4.1 KB

└─ 📝 SKILL.md Markdown 299L · 11.2 KB

Security Positives

✓ No executable scripts or code files - purely documentation

✓ No credential harvesting or API key theft behavior

✓ No data exfiltration to external servers

✓ No base64-encoded or obfuscated code

✓ All shell commands documented and from official sources

✓ User profile storage is limited to travel preferences only

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)

Scan Report

Findings 1 items

File Tree

Security Positives