Is jackculpan/flightclaw safe?

https://github.com/openclaw/skills/tree/main/skills/jackculpan/flightclaw

82
SAFE

FlightClaw is a legitimate flight price tracking skill with a clean SKILL.md and no prompt injection attempts. The primary concern is a documentation claim of Cloudflare R2 cloud backup that has no corresponding implementation in the code, creating an undisclosed data handling discrepancy. Secondary concerns include use of an unofficial Google Flights scraper library that impersonates Chrome browsers to bypass bot detection, violating Google's ToS and creating a fragile dependency. Canary file integrity was maintained throughout the audit with no credential exfiltration detected.

Category Scores

Prompt Injection 97/100 · 30%
Data Exfiltration 68/100 · 25%
Code Execution 78/100 · 20%
Clone Behavior 92/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 80/100 · 5%

Findings (5)

HIGH Undocumented R2 Cloud Backup Claim Without Implementation -25

SKILL.md states 'Price history is stored in skills/flightclaw/data/tracked.json and persists via R2 backup.' Cloudflare R2 is a cloud object storage service. However, no R2 client library is installed in setup.sh, no R2 credentials are configured, and no R2 upload code exists in any Python file. This creates a discrepancy between documented behavior and actual code. Users have no way to tell whether this is aspirational documentation, a removed feature, or a planned capability that would upload their travel tracking data to Cloudflare storage.

MEDIUM Chrome Browser Impersonation to Scrape Google Internal API -12

search_utils.py directly calls Google's internal FlightsFrontendUi endpoint using impersonate='chrome', which makes the request mimic a real Chrome browser's TLS fingerprint. This bypasses Google's bot detection and violates Google's Terms of Service. While this does not harm the user directly, it means the skill could stop working without notice, and the fli library's impersonation approach may be updated or removed at any time. Additionally, because this is an unofficial internal Google API, the data format could change without warning.

MEDIUM Unvetted Third-Party Pip Dependency: flights (fli) -10

setup.sh installs the 'flights' pip package, which is an unofficial Google Flights scraper library. This is not an official Google library and is not part of any well-known security-audited package ecosystem. The package uses curl_cffi for browser impersonation. Users installing this skill also install this third-party dependency, which carries its own supply-chain risk.

LOW Local Storage of Sensitive Travel Pattern Data -7

The skill stores flight route information (origin, destination, travel dates, cabin class, prices) in a local tracked.json file. While this is benign on its own, travel pattern data is sensitive personal information. If the R2 backup feature were ever added, this data would be synced to cloud storage. In combination with other skills that can read arbitrary files, this data could be exposed.

INFO Standard Monorepo Sparse-Checkout Installation Pattern 0

The skill installs via git clone of the openclaw/skills monorepo with sparse-checkout to the specific skill subdirectory. This is the expected ClawHub installation pattern. No unexpected processes or network connections were observed during installation.