flyai-trip-checker 安全扫描报告 — 低风险 | ClawSafe

5 /100

flyai-trip-checker

行程体检员——验证已有行程方案，输出体检报告

Pure Markdown documentation skill for travel itinerary validation with no executable code. All declared capabilities are appropriate for the documented use case.

技能名称flyai-trip-checker

分析耗时32.6s

引擎pi

✓

可以安装

This skill is safe to use. No action required. The shell/npm references are purely in documentation context for installing a legitimate CLI tool.

安全发现 2 项

严重性	安全发现	位置
低危	External URL references in documentation 文档欺骗 SKILL.md references external URLs to npm registry (npmmirror.com) and Alibaba travel service (feizhu.com). These are legitimate services and properly documented. `npm config set registry https://registry.npmmirror.com` → No action needed - these are standard package registries and travel service URLs.	`SKILL.md:48`
低危	User profile file path access 敏感访问 Skill accesses ~/.flyai/user-profile.md for reading user preferences. This is opt-in storage with user consent. `read_file(file_path="~/.flyai/user-profile.md")` → No action needed - documented behavior with user consent.	`reference/user-profile-storage.md:44`

资源类型	声明权限	推断权限	状态	证据
文件系统	`READ`	`READ`	✓ 一致	SKILL.md:130 - reads ~/.flyai/user-profile.md
命令执行	`WRITE`	`WRITE`	✓ 一致	SKILL.md:46 - npm install documented
网络访问	`READ`	`READ`	✓ 一致	SKILL.md:55-65 - FlyAI CLI search commands

4 项发现

🔗

中危外部 URL 外部 URL

https://registry.npmmirror.com

SKILL.md:48

🔗

中危外部 URL 外部 URL

https://a.feizhu.com/xxxxx

SKILL.md:111

🔗

中危外部 URL 外部 URL

https://img.alicdn.com/...

reference/references/search-hotel.md:44

🔗

中危外部 URL 外部 URL

https://img.alicdn.com/tfscom/...

reference/references/search-poi.md:32

目录结构

13 文件 · 39.7 KB · 1257 行

Markdown 13f · 1257L

├─ ▾ 📁 reference

│ ├─ ▾ 📁 references

│ │ ├─ 📝 ai-search.md Markdown 26L · 659 B

│ │ ├─ 📝 keyword-search.md Markdown 53L · 1.6 KB

│ │ ├─ 📝 search-flight.md Markdown 87L · 3.0 KB

│ │ ├─ 📝 search-hotel.md Markdown 57L · 1.8 KB

│ │ ├─ 📝 search-marriott-hotel.md Markdown 54L · 1.8 KB

│ │ ├─ 📝 search-marriott-package.md Markdown 40L · 995 B

│ │ ├─ 📝 search-poi.md Markdown 47L · 2.2 KB

│ │ └─ 📝 search-train.md Markdown 77L · 2.6 KB

│ ├─ 📝 example.md Markdown 201L · 7.5 KB

│ ├─ 📝 output-template.md Markdown 164L · 5.7 KB

│ ├─ 📝 scoring-rules.md Markdown 70L · 2.4 KB

│ └─ 📝 user-profile-storage.md Markdown 187L · 4.1 KB

└─ 📝 SKILL.md Markdown 194L · 5.6 KB

安全亮点

✓ Pure documentation skill - no executable code present

✓ All capabilities properly declared in SKILL.md

✓ No credential harvesting or data exfiltration

✓ No obfuscation or base64 encoded content

✓ User profile storage is opt-in with consent

✓ References only legitimate external services (npm registry, Alibaba travel)

✓ No suspicious network behavior beyond documented FlyAI CLI usage