Is brennerspear/flights-search safe?

https://github.com/openclaw/skills/tree/main/skills/brennerspear/flights-search

Overall score: 94 · SAFE

The brennerspear/flights-search skill is a clean, documentation-only markdown file that instructs an agent how to invoke a local flights-search CLI tool for querying Google Flights data. No prompt injection, hidden instructions, executable code, git hooks, or exfiltration mechanisms were found in the skill files. Post-install canary file accesses are attributable to the Oathe audit framework's integrity verification routine, not to the skill, and all canary files remain intact. The only material risk is the skill's instruction to run an unversioned `pip install fast-flights`, which introduces a low-severity supply-chain dependency.

Category Scores (score out of 100 · weight in overall score)

Prompt Injection 97/100 · 30%
Data Exfiltration 92/100 · 25%
Code Execution 90/100 · 20%
Clone Behavior 95/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 85/100 · 5%

Findings (3)

LOW (-6) Unversioned pip dependency: fast-flights

The skill requires `pip install fast-flights` with no version pin. A future malicious release of the fast-flights package on PyPI could execute arbitrary code at install time. The install is a manual step, not auto-executed during skill installation, but the agent may be instructed to run it on first use.

LOW (-5) Post-install canary reads attributed to audit framework

Batched canary file reads occurred after skill installation at timestamp 1771942141.671. Analysis of EXECVE records and canary integrity confirmation indicates these are Oathe framework verification reads, not skill-initiated access. The static nature of the skill (markdown only) precludes any mechanism for skill-driven file access.

INFO (-2) Reverse-engineered API may violate Google ToS

fast-flights uses an undocumented Google Flights protobuf endpoint. Its use may violate Google's Terms of Service, and the endpoint could be patched or rate-limited at any time, silently breaking the skill.