flyai-visa-timeline Security Report — Low Risk | ClawSafe

20 /100

flyai-visa-timeline

签证进度规划与提醒助手 - Visa timeline planning assistant

A benign visa planning assistant with minor documentation gaps regarding shell execution requirements for npm install.

Skill Nameflyai-visa-timeline

Duration35.6s

Enginepi

✓

Safe to install

Add explicit declaration of Bash/shell:WRITE permission requirement for npm install of the flyai-cli tool in SKILL.md. No action needed to block usage.

Findings 3 items

Severity	Finding	Location
Low	Shell permission not declared Doc Mismatch SKILL.md does not explicitly declare that Bash/shell:WRITE permission is required for the npm install -g command. The core-workflow.md shows this is a mandatory pre-step. `npm install -g @fly-ai/flyai-cli@latest --registry=https://registry.npmjs.org` → Add explicit declaration of shell:WRITE permission requirement in SKILL.md capabilities section	`reference/core-workflow.md:10`
Low	CLI tool version unpinned in npx calls Supply Chain reference/tools.md uses 'npx @anthropic-ai/flyai-cli@latest' which fetches the latest version each time, introducing supply chain risk. `npx @anthropic-ai/flyai-cli@latest` → Consider pinning to a specific version for reproducible behavior	`reference/tools.md:6`
Info	External URLs in reference files not documented in SKILL.md Doc Mismatch reference/core-workflow.md references nodejs.org and npmmirror.com URLs that are not mentioned in the main SKILL.md `https://nodejs.org/` → Consider adding these URLs to SKILL.md for transparency	`reference/core-workflow.md:19`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ/WRITE`	`READ/WRITE`	✓ Aligned	SKILL.md and user-profile-storage.md declare ~/.flyai/user-profile.md access
Shell	`NONE`	`WRITE`	✗ Violation	reference/tools.md and core-workflow.md reference 'npm install -g @fly-ai/flyai-…
Network	`NONE`	`READ`	✗ Violation	flyai CLI commands make outbound network requests; external URLs in reference fi…
Environment	`NONE`	`NONE`	—	No environment variable access detected
Skill Invoke	`READ/WRITE`	`READ/WRITE`	✓ Aligned	user-profile-storage.md declares search_memory/update_memory usage

4 findings

🔗

Medium External URL 外部 URL

https://nodejs.org/

reference/core-workflow.md:19

🔗

Medium External URL 外部 URL

https://registry.npmmirror.com

reference/core-workflow.md:21

🔗

Medium External URL 外部 URL

https://img.alicdn.com/...

reference/search-hotel.md:44

🔗

Medium External URL 外部 URL

https://img.alicdn.com/tfscom/...

reference/search-poi.md:32

File Tree

13 files · 31.4 KB · 1048 lines

Markdown 13f · 1048L

├─ ▾ 📁 reference

│ ├─ 📝 ai-search.md Markdown 26L · 659 B

│ ├─ 📝 core-workflow.md Markdown 243L · 7.0 KB

│ ├─ 📝 examples.md Markdown 42L · 1.5 KB

│ ├─ 📝 keyword-search.md Markdown 53L · 1.6 KB

│ ├─ 📝 search-flight.md Markdown 87L · 3.0 KB

│ ├─ 📝 search-hotel.md Markdown 57L · 1.8 KB

│ ├─ 📝 search-marriott-hotel.md Markdown 54L · 1.8 KB

│ ├─ 📝 search-marriott-package.md Markdown 40L · 995 B

│ ├─ 📝 search-poi.md Markdown 47L · 2.2 KB

│ ├─ 📝 search-train.md Markdown 77L · 2.6 KB

│ ├─ 📝 tools.md Markdown 34L · 782 B

│ └─ 📝 user-profile-storage.md Markdown 187L · 4.1 KB

└─ 📝 SKILL.md Markdown 101L · 3.6 KB

Dependencies 2 items

Package	Version	Source	Known Vulns	Notes
`@fly-ai/flyai-cli`	`latest`	npm	No	Version pinned to latest via npx - supply chain risk
`@anthropic-ai/flyai-cli`	`latest`	npm	No	Version not pinned

Security Positives

✓ No credential harvesting or sensitive data theft detected

✓ No base64-encoded commands or obfuscation patterns found

✓ No reverse shell, C2, or data exfiltration behavior

✓ Filesystem access is limited to user preference storage (~/.flyai/)

✓ All external URLs point to legitimate services (npm registries, Alibaba CDN)

✓ Skill functionality is straightforward travel planning - no hidden malicious intent

✓ User profile storage is clearly documented with dual-mode fallback

Scan Report

Findings 3 items

File Tree

Dependencies 2 items

Security Positives