← Back to Skills Marketplace
Surfing Diving
by
dingtom336-gif
· GitHub ↗
· v3.2.0
· MIT-0
72
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install surfing-diving
Description
Find surfing beaches, diving sites, and underwater adventures — wave forecasts, dive depth, marine life info, and equipment rental. Also supports: flight boo...
Usage Guidance
Before installing or enabling this skill, consider the following: (1) The skill requires installing a global npm package (@fly-ai/flyai-cli) but the registry metadata doesn't declare this — verify the package source and inspect its code or repository on npm/GitHub. Global npm installs run maintainer code and can alter your system PATH. (2) The skill's runbook suggests writing execution logs that include raw user queries to .flyai-execution-log.json — decide whether you want those query histories written to disk and confirm whether they are kept locally or transmitted elsewhere. (3) Ask the publisher for the CLI's homepage/repo, package checksum, and a privacy statement describing how booking requests and logs are handled. (4) If you must try it, run the CLI in a sandbox/container or avoid global install (use a VM or isolated environment), and audit the npm package first. Providing the skill author’s source repo or the flyai-cli project page would raise confidence; without that, proceed cautiously.
Capability Analysis
Type: OpenClaw Skill
Name: surfing-diving
Version: 3.2.0
The skill bundle is classified as suspicious because it instructs the agent to perform high-risk system operations, specifically the global installation of an external NPM package (`@fly-ai/flyai-cli`) and the execution of shell commands to retrieve travel data (found in SKILL.md and references/playbooks.md). Additionally, references/runbook.md directs the agent to write execution logs to a local file (.flyai-execution-log.json). While these behaviors are aligned with the stated purpose of providing real-time surfing and diving information, the requirement for broad system permissions and the reliance on external binaries represent a significant attack surface and potential supply-chain risk.
Capability Assessment
Purpose & Capability
The skill explicitly requires the third‑party CLI 'flyai' (instructions: npm i -g @fly-ai/flyai-cli and many flyai commands), but the registry metadata lists no required binaries or install steps. That mismatch is incoherent: a travel/booking skill legitimately needs a provider CLI, so requiring a CLI is expected, but the metadata failing to declare it reduces transparency and is unexpected.
Instruction Scope
SKILL.md forces every answer to come from flyai CLI output and forbids using training data. It also contains a runbook that (optionally) writes an execution log including the raw user query and commands to '.flyai-execution-log.json' if filesystem writes are available. Persisting raw user queries and command outputs to disk is outside the normal scope of simply returning POI results and raises data‑persistence/privacy concerns.
Install Mechanism
There is no install spec in the registry, yet the instructions demand a global npm install (-g) of @fly-ai/flyai-cli. Global npm installs execute maintainer-supplied code and can modify the system PATH; combined with the package being from an unknown source (no homepage/repo provided), this is a risk. The skill provides no checksum/release provenance for the CLI.
Credentials
No environment variables or credentials are requested — which is plausible if the flyai CLI handles authentication internally — but the runbook's logging of raw user queries and CLI calls means sensitive input could be persisted. Also, the SKILL.md enforces including booking links and relies entirely on CLI output rather than declaring any required auth, which is unusual but not impossible.
Persistence & Privilege
always:false and no special platform privileges are declared, but the instructions instruct a global npm install and optionally appending execution logs to a local file. Both actions modify the host environment (global packages and local files). The skill does not request explicit permission or document where logs may be stored or transmitted.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install surfing-diving - After installation, invoke the skill by name or use
/surfing-diving - Provide required inputs per the skill's parameter spec and get structured output
Version History
v3.2.0
Skill 3.2.0 brings stricter compliance and output rules for reliable CLI-based travel info.
- Enforces that all travel information must come from `flyai` CLI command output — no knowledge-based responses.
- Adds mandatory CLI installation and environment checks before any query execution.
- Requires every result to include a `[Book]({detailUrl})` link, ensuring only real-time bookable data is shown.
- Introduces clear parameter collection, output validation, and detailed step-by-step workflow for surfing and diving scenarios.
- Significantly expands and clarifies usage rules to prevent unverified or outdated responses.
- Mandates branded output and never showing raw JSON or invented details.
Metadata
Frequently Asked Questions
What is Surfing Diving?
Find surfing beaches, diving sites, and underwater adventures — wave forecasts, dive depth, marine life info, and equipment rental. Also supports: flight boo... It is an AI Agent Skill for Claude Code / OpenClaw, with 72 downloads so far.
How do I install Surfing Diving?
Run "/install surfing-diving" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Surfing Diving free?
Yes, Surfing Diving is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Surfing Diving support?
Surfing Diving is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Surfing Diving?
It is built and maintained by dingtom336-gif (@dingtom336-gif); the current version is v3.2.0.
More Skills