Is jarrodjs/seats-aero safe?

https://github.com/openclaw/skills/tree/main/skills/jarrodjs/seats-aero

98
SAFE

This skill provides documentation for using the seats.aero flight search API and appears to be completely legitimate. It contains only markdown documentation with no executable code, makes no suspicious network requests, and doesn't attempt to access sensitive files.

Category Scores

Prompt Injection 100/100 · 30%
Data Exfiltration 95/100 · 25%
Code Execution 100/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 90/100 · 5%

Findings (2)

LOW API Key Handling -5

The skill instructs users to provide their seats.aero API key and stores it in conversation context. While this is legitimate functionality for API usage, users should be aware they are sharing their credentials.

LOW Reference to Non-Existent Script -10

The skill documentation references 'scripts/seats_api.py' for Python API implementation, but this file is not present in the skill package. This could confuse users expecting the script to be available.