中文 EN

Scan Report

Scan New Files

Low Risk — Risk Score 15/100
Last scan:1 day ago Rescan
15 /100
flyai-travel-blindbox
旅行盲盒助手,让旅行回归「探索未知」的本质。用户设底线条件(预算、飞行时间),AI在满足条件的目的地中随机抽取一个
This is a pure-documentation travel blindbox skill with no executable code, scripts, or dependencies. All observed behavior (CLI tool invocation via npx, filesystem user-profile storage, network travel searches) is fully consistent with the declared purpose.
Skill Nameflyai-travel-blindbox
Duration50.7s
Enginepi
Safe to install
No immediate action required. Consider adding explicit shell:WRITE and filesystem:WRITE declarations to SKILL.md to fully account for the npm install and ~/.flyai file operations.

Findings 3 items

Severity Finding Location
Low
Allowed-tools declaration absent Doc Mismatch
SKILL.md has no allowed-tools section, making it impossible to verify the declared vs. actual capability gap. The reference docs reveal shell:WRITE and filesystem:WRITE usage that is not declared at the top level.
No allowed-tools section in SKILL.md
→ Add an allowed-tools declaration to SKILL.md covering shell (for npm install and flyai CLI) and filesystem (for ~/.flyai/ profile storage)
 SKILL.md:1
Low
Unpinned CLI package dependency Supply Chain
The skill references @fly-ai/flyai-cli@latest via npm install -g, with no version pinning. This could allow a malicious version to be delivered if the package is compromised.
npm install -g @fly-ai/flyai-cli@latest
→ Pin to a specific version hash or use a verified lockfile for the CLI tool
 reference/workflow.md:17
Info
NODE_TLS_REJECT_UNAUTHORIZED=0 disables SSL verification Doc Mismatch
The workflow documentation instructs to prefix all flyai commands with NODE_TLS_REJECT_UNAUTHORIZED=0 to bypass SSL certificate errors. This could facilitate man-in-the-middle attacks if the environment is compromised.
NODE_TLS_REJECT_UNAUTHORIZED=0 flyai keyword-search
→ Resolve the root cause of SSL certificate failures rather than globally disabling TLS verification
 reference/workflow.md:30
ResourceDeclaredInferredStatusEvidence
Network NONE READ ✓ Aligned reference/workflow.md:31 — flyai CLI makes network requests to Alibaba Fliggy AP…
Shell NONE WRITE ✓ Aligned reference/workflow.md:17 — npm install -g @fly-ai/flyai-cli@latest; reference/wo…
Filesystem NONE WRITE ✓ Aligned reference/user-profile-storage.md — writes to ~/.flyai/user-profile.md
Skill Invoke NONE READ ✓ Aligned SKILL.md — uses search_memory, update_memory, ask_user_question tools not listed…
4 findings
🔗
Medium External URL 外部 URL
https://img.alicdn.com/...
reference/search-hotel.md:44
🔗
Medium External URL 外部 URL
https://img.alicdn.com/tfscom/...
reference/search-poi.md:32
🔗
Medium External URL 外部 URL
https://nodejs.org/
reference/workflow.md:19
🔗
Medium External URL 外部 URL
https://registry.npmmirror.com
reference/workflow.md:21

File Tree

16 files · 36.5 KB · 1162 lines
Markdown 16f · 1162L
├─ 📁 reference
│ ├─ 📝 ai-search.md Markdown 26L · 659 B
│ ├─ 📝 algorithm.md Markdown 13L · 424 B
│ ├─ 📝 examples.md Markdown 101L · 3.4 KB
│ ├─ 📝 flight-range.md Markdown 12L · 597 B
│ ├─ 📝 keyword-search.md Markdown 53L · 1.6 KB
│ ├─ 📝 search-flight.md Markdown 87L · 3.0 KB
│ ├─ 📝 search-hotel.md Markdown 57L · 1.8 KB
│ ├─ 📝 search-marriott-hotel.md Markdown 54L · 1.8 KB
│ ├─ 📝 search-marriott-package.md Markdown 40L · 995 B
│ ├─ 📝 search-poi.md Markdown 47L · 2.2 KB
│ ├─ 📝 search-train.md Markdown 77L · 2.6 KB
│ ├─ 📝 self-learning.md Markdown 19L · 450 B
│ ├─ 📝 tools.md Markdown 34L · 782 B
│ ├─ 📝 user-profile-storage.md Markdown 187L · 4.1 KB
│ └─ 📝 workflow.md Markdown 260L · 8.5 KB
└─ 📝 SKILL.md Markdown 95L · 3.9 KB

Security Positives

✓ Pure Markdown documentation package — zero executable code, scripts, or binaries
✓ No obfuscation patterns (base64, eval, atob) detected
✓ No credential harvesting, environment variable iteration, or sensitive path access (~/.ssh, ~/.aws, .env)
✓ No reverse shell, C2 communication, or data exfiltration patterns
✓ No prompt injection instructions or jailbreak content
✓ No typosquatting, malicious dependencies, or supply-chain attack indicators beyond version pinning
✓ All behavior (travel search, user profile storage) is contextually appropriate for the declared purpose
✓ External URLs are standard Alibaba CDN assets (img.alicdn.com), consistent with Fliggy travel API