Low Risk — Risk Score 5/100
Last scan: 1 day ago
flyai-trip-checker
Itinerary health checker: validates an existing itinerary plan and outputs a health-check report
Pure Markdown documentation skill for travel itinerary validation with no executable code. All declared capabilities are appropriate for the documented use case.
Skill Name: flyai-trip-checker
Duration: 32.6s
Engine: pi
Safe to install
This skill is safe to use. No action required. The shell/npm references are purely in documentation context for installing a legitimate CLI tool.

Findings 2 items

Severity | Finding | Location

Low | External URL references in documentation (Doc Mismatch) | SKILL.md:48
SKILL.md references external URLs to npm registry (npmmirror.com) and Alibaba travel service (feizhu.com). These are legitimate services and properly documented.
    npm config set registry https://registry.npmmirror.com
→ No action needed - these are standard package registries and travel service URLs.

Low | User profile file path access (Sensitive Access) | reference/user-profile-storage.md:44
Skill accesses ~/.flyai/user-profile.md for reading user preferences. This is opt-in storage with user consent.
    read_file(file_path="~/.flyai/user-profile.md")
→ No action needed - documented behavior with user consent.

Resource | Declared | Inferred | Status | Evidence
Filesystem | READ | READ | ✓ Aligned | SKILL.md:130 - reads ~/.flyai/user-profile.md
Shell | WRITE | WRITE | ✓ Aligned | SKILL.md:46 - npm install documented
Network | READ | READ | ✓ Aligned | SKILL.md:55-65 - FlyAI CLI search commands

4 findings

Medium | External URL | https://registry.npmmirror.com | SKILL.md:48
Medium | External URL | https://a.feizhu.com/xxxxx | SKILL.md:111
Medium | External URL | https://img.alicdn.com/... | reference/references/search-hotel.md:44
Medium | External URL | https://img.alicdn.com/tfscom/... | reference/references/search-poi.md:32

File Tree

13 files · 39.7 KB · 1257 lines
Markdown 13f · 1257L
├─ 📁 reference
│ ├─ 📁 references
│ │ ├─ 📝 ai-search.md Markdown 26L · 659 B
│ │ ├─ 📝 keyword-search.md Markdown 53L · 1.6 KB
│ │ ├─ 📝 search-flight.md Markdown 87L · 3.0 KB
│ │ ├─ 📝 search-hotel.md Markdown 57L · 1.8 KB
│ │ ├─ 📝 search-marriott-hotel.md Markdown 54L · 1.8 KB
│ │ ├─ 📝 search-marriott-package.md Markdown 40L · 995 B
│ │ ├─ 📝 search-poi.md Markdown 47L · 2.2 KB
│ │ └─ 📝 search-train.md Markdown 77L · 2.6 KB
│ ├─ 📝 example.md Markdown 201L · 7.5 KB
│ ├─ 📝 output-template.md Markdown 164L · 5.7 KB
│ ├─ 📝 scoring-rules.md Markdown 70L · 2.4 KB
│ └─ 📝 user-profile-storage.md Markdown 187L · 4.1 KB
└─ 📝 SKILL.md Markdown 194L · 5.6 KB

Security Positives

✓ Pure documentation skill - no executable code present
✓ All capabilities properly declared in SKILL.md
✓ No credential harvesting or data exfiltration
✓ No obfuscation or base64 encoded content
✓ User profile storage is opt-in with consent
✓ References only legitimate external services (npm registry, Alibaba travel)
✓ No suspicious network behavior beyond documented FlyAI CLI usage