← Back to Skills Marketplace
xiejinsong

oversize-baggage

by xiejinsong · GitHub ↗ · v3.2.0 · MIT-0
cross-platform ⚠ suspicious
64
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install oversize-baggage
Description
Search for flights accommodating oversize baggage and sports equipment. Also supports: flight booking, hotel reservation, train tickets, attraction tickets,...
Usage Guidance
Plain-language steps and cautions before installing or running this skill: - Provenance: Ask the publisher/developer for the skill's source code or an official homepage. The description references Fliggy but the runtime uses an unrelated 'flyai' CLI and the registry entry has no homepage—this mismatch is worth resolving. - NPM install risk: The skill instructs the agent to run `npm i -g @fly-ai/flyai-cli` if the CLI is missing. Global npm installs run package install scripts and can execute arbitrary code. Only run this if you (or your admin) have verified the package on npmjs.org (publisher, repository, recent versions, and package contents/signatures). - Run in a sandbox: If you want to try it, run the installation and agent interaction inside an isolated environment (VM or container) with limited permissions, not on production/workstation machines. - Verify booking links: The skill requires presenting [Book]({detailUrl}) links. Confirm where those links point (are they affiliate/redirects?), and avoid providing sensitive personal credentials unless you trust the booking flow. - Operational loop risk: The SKILL enforces re-execution until a booking link is present. Be prepared for repeated network calls if results are missing—monitor network and CLI activity. - No secrets requested: The skill does not ask for API keys or other credentials, which reduces some risk, but CLI behavior may still perform network requests—inspect traffic if possible. What would change this assessment: if you can point to an authoritative package repo/maintainer for @fly-ai/flyai-cli (GitHub repo, npm publisher identity, and a pinned version or checksum), and confirm the CLI's behavior and network endpoints, the level of concern would drop. Conversely, inability to identify the CLI publisher or evidence of unexpected network endpoints would increase the risk rating.
Capability Analysis
Type: OpenClaw Skill Name: oversize-baggage Version: 3.2.0 The skill bundle instructs the AI agent to automatically perform a global installation of an external npm package (`npm i -g @fly-ai/flyai-cli`) if the CLI is missing. This behavior introduces a significant supply chain risk and potential for Remote Code Execution (RCE) on the host system. While the instructions appear aligned with the stated flight-search functionality, the automated execution of global installers is a high-risk pattern that could be used to compromise the environment. Primary indicators are found in SKILL.md and references/fallbacks.md.
Capability Assessment
Purpose & Capability
The skill's stated purpose—searching for flights that accommodate oversize baggage—is consistent with the required runtime actions (calling a flight-search CLI). However the description claims 'powered by Fliggy (Alibaba Group)' while every runtime instruction targets a 'flyai' CLI; source/homepage are missing. This branding/source mismatch and lack of upstream provenance is unexplained.
Instruction Scope
SKILL.md tightly constrains behavior to using the flyai CLI and forbids answering from training data, which is coherent. But it requires the agent to install a global npm package at runtime if flyai isn't present (npm i -g @fly-ai/flyai-cli). That installation step can execute arbitrary code on the host. The skill also enforces re-execution until every result includes a [Book]({detailUrl}) link, which could cause repeated CLI use or loops if results are missing—this operational requirement increases risk.
Install Mechanism
There is no packaged install spec in the registry; instead the SKILL.md tells the agent to run a global npm install of @fly-ai/flyai-cli. Installing a third-party npm package globally at runtime is a moderate-to-high risk action unless the package's publisher/repo is verified. The instruction lacks any verification step (no expected package version, checksum, or repository URL).
Credentials
The skill requests no environment variables, no credentials, and no config paths. From an access-proportionality perspective, it does not ask for unrelated secrets or broad system credentials.
Persistence & Privilege
The skill does not request 'always: true' and does not indicate persistent modification of other skills or system-wide settings. Autonomous invocation is enabled (the platform default) but is not combined with an explicit elevation of privilege in the skill itself.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install oversize-baggage
  3. After installation, invoke the skill by name or use /oversize-baggage
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.2.0
- Enforced strict CLI-only responses: all results must originate from flyai CLI output, not training data. - Added multi-language support: output language matches user input (English/Chinese). - Specified detailed CLI parameter mapping and validation rules, including comprehensive environment and output checks. - Expanded description to clarify supported booking services (flights, hotels, trains, etc.) powered by Fliggy. - Updated output formatting rules: conclusions first, booking links required, minimum 3 results in comparison table when possible.
Metadata
Slug oversize-baggage
Version 3.2.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is oversize-baggage?

Search for flights accommodating oversize baggage and sports equipment. Also supports: flight booking, hotel reservation, train tickets, attraction tickets,... It is an AI Agent Skill for Claude Code / OpenClaw, with 64 downloads so far.

How do I install oversize-baggage?

Run "/install oversize-baggage" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is oversize-baggage free?

Yes, oversize-baggage is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does oversize-baggage support?

oversize-baggage is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created oversize-baggage?

It is built and maintained by xiejinsong (@xiejinsong); the current version is v3.2.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments