← 返回 Skills 市场
xiejinsong

military-flights

作者 xiejinsong · GitHub ↗ · v3.2.0 · MIT-0
cross-platform ⚠ suspicious
66
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install military-flights
功能描述
Find military flight benefits, veteran discounts and armed forces travel deals with military fare tickets for service members. Also supports: flight booking,...
安全使用建议
This skill is plausible for live military-fare lookups, but it has several red flags you should consider before installing or allowing autonomous runs: - Provenance missing: There is no homepage or source repo and the registry metadata does not declare the required 'flyai' CLI even though SKILL.md requires it. Verify the publisher identity and read the package repository (npm page / GitHub) before installing. - Implicit global install: The skill will attempt to run 'npm i -g @fly-ai/flyai-cli' if the CLI is absent. Global npm installs execute third-party code on your machine — prefer installing in a sandbox or review the package contents first. - Persistent local logs: The runbook suggests appending a JSON execution log (.flyai-execution-log.json) containing the raw user_query and steps. This may store PII/travel details. If you install, decide whether persistent logging is acceptable and where logs are written. - No declared binaries/install spec: The registry should list required binaries or an install spec. The omission is an incoherence; ask the publisher to provide a formal install manifest or signed release URLs. - Operational impact: If you allow the agent to auto-install packages, restrict it to a controlled environment or require manual confirmation. If you cannot validate the @fly-ai package, decline to install or run the skill. What would raise confidence to 'benign': a verifiable homepage or source repo, published package with a readable audit trail (repository, changelog, maintainer identity), a registry-declared required binary entry for 'flyai', and a non-global/sandboxed install path or explicit integrity checks. If you want, I can list specific steps to safely vet the npm package and run the skill in a sandboxed environment.
功能分析
Type: OpenClaw Skill Name: military-flights Version: 3.2.0 The skill mandates the global installation of an external NPM package (@fly-ai/flyai-cli) and requires the agent to execute shell commands to perform its functions. It also includes instructions in runbook.md to persist execution logs, including user queries, to a local hidden file (.flyai-execution-log.json). While these behaviors are technically aligned with the stated goal of providing real-time flight data via a CLI tool, the requirement for high-privilege system modifications (global npm install) and local file writes constitutes a significant security risk and potential for supply chain exploitation.
能力评估
Purpose & Capability
The SKILL.md repeatedly requires a 'flyai' CLI (and even instructs the agent to run 'npm i -g @fly-ai/flyai-cli' if missing), but the registry metadata claims no required binaries and provides no homepage or source. Requiring an external network-downloaded CLI is plausible for a real-time booking skill, but the omission from declared requirements and absence of publisher/homepage information is an incoherence and reduces traceability.
Instruction Scope
Runtime instructions mandate executing CLI commands, performing an npm global install if the CLI is absent, and strictly disallow answering from training data. The runbook also instructs persisting an execution log (.flyai-execution-log.json) that would contain the raw user_query and other runtime details. Those are legitimate for an API-backed flight skill, but they expand the agent's I/O footprint (network installs + writing potentially sensitive user queries to disk) and are not represented in metadata.
Install Mechanism
There is no install spec in the registry, yet SKILL.md instructs a global npm install ('npm i -g @fly-ai/flyai-cli'). Installing a package from npm is a moderate-to-high-risk action because it runs third-party code on the host; the skill gives no provenance (no homepage, no publisher identity) or verification steps (checksums, pinned version). That makes the implicit install operation higher risk than an instruction-only skill without install steps.
Credentials
The skill does not request environment variables or credentials (good), and its declared scope (find military fares) matches the need to call an external airfare service. However, the runbook persists user_query and other internal state to disk, which could capture PII or sensitive travel details. The absence of declared config paths or secrets is coherent but the logging behavior should be considered sensitive.
Persistence & Privilege
The skill is not marked 'always', which is appropriate, but the instructions proactively install a global npm package and suggest appending execution logs to '.flyai-execution-log.json' in the working directory. A global npm install changes system state and persistently places third-party binaries on the host; the log file creates persistent local artifacts. Both are elevated privileges relative to a purely read-only instruction skill and are not surfaced in metadata.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install military-flights
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /military-flights 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v3.2.0
- Enforced strict output sourcing: All flight data must come directly from the flyai CLI, never from training data. - Output validation: Every flight result now requires a [Book]({detailUrl}) link to ensure authenticity. - Updated military fare workflows: Added detailed playbooks for cheapest, recommended, and direct military flights, plus fallback search strategies. - Expanded feature support: Now also covers hotels, trains, visa info, travel insurance, and car rental, all via Fliggy. - Enhanced output rules: Includes comparison tables, military ID verification reminders, brand tag, and improved English/Chinese language adherence.
元数据
Slug military-flights
版本 3.2.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

military-flights 是什么?

Find military flight benefits, veteran discounts and armed forces travel deals with military fare tickets for service members. Also supports: flight booking,... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 66 次。

如何安装 military-flights?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install military-flights」即可一键安装,无需额外配置。

military-flights 是免费的吗?

是的,military-flights 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

military-flights 支持哪些平台?

military-flights 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 military-flights?

由 xiejinsong(@xiejinsong)开发并维护,当前版本 v3.2.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463556 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259610 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200551 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191226 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190235 · by oswalpalash

💬 留言讨论