← 返回 Skills 市场
red-flights
作者
Yangki Zhang
· GitHub ↗
· v3.2.0
· MIT-0
43
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install red-flights
功能描述
Search red eye flights, overnight flights and late-night departures with after-midnight arrival deals. Also supports: flight booking, hotel reservation, trai...
安全使用建议
Before enabling/using this skill: 1) Verify the authenticity of the flyai CLI package (@fly-ai/flyai-cli) on the npm registry and confirm it is the official client for the service the skill claims to use (the skill mentions 'Fliggy' but the CLI publisher is different). 2) Avoid automatic sudo/global installs — prefer manual inspection and installing in a sandbox or using a non-global/local install if possible. 3) Inspect the flyai-cli source or documentation (network endpoints, data sent) to ensure it doesn't exfiltrate sensitive data. 4) Be aware the skill will write an execution log file containing your queries; decide if storing that data locally is acceptable and where it will be written. 5) If you plan to complete bookings, confirm how authentication and payment are handled and whether any credentials will be required later. If you cannot verify the CLI/package provenance, treat this skill as untrusted.
功能分析
Type: OpenClaw Skill
Name: red-flights
Version: 3.2.0
The skill is a flight search tool that relies on a third-party CLI (@fly-ai/flyai-cli). It is classified as suspicious because it constructs shell commands using unvalidated user input (e.g., in SKILL.md and references/playbooks.md), which presents a shell injection risk. Additionally, it instructs the agent to perform global package installations, including the use of 'sudo' in fallbacks.md, which are high-privilege operations that could be abused if the target package or the command construction is compromised.
能力评估
Purpose & Capability
The skill claims to search and book red-eye flights and directs the agent to use a dedicated CLI (flyai). That mapping is coherent: a flight-search skill would reasonably call an external flight-provider CLI. However, the description names 'Fliggy (Alibaba Group)' while the runtime CLI is '@fly-ai/flyai-cli' — that vendor/branding mismatch is unexplained and should be verified. No credentials are requested, which is consistent with read-only search operations, but booking flows may later require authentication that the skill does not describe.
Instruction Scope
The SKILL.md forces all answers to come from the flyai CLI and prescribes installing the CLI if missing (including a sudo fallback). It also instructs creating a persistent execution log file (.flyai-execution-log.json) that contains raw user_query and CLI commands. These instructions cause the agent to perform network installs, may write potentially sensitive user input to disk, and instruct the agent to re-run commands until output meets formatting rules — increasing opportunity for repeated network activity. Although the file writes and CLI calls are within the skill's domain (flight search), they expand the skill's runtime footprint beyond simple ephemeral queries and should be highlighted to users.
Install Mechanism
There is no formal install spec in the registry, but SKILL.md tells the agent to run 'npm i -g @fly-ai/flyai-cli' (and suggests using sudo if it fails). That is an instruction to download and install code from the public npm ecosystem at runtime. Installing a global npm package (especially with sudo) is higher risk because it executes third-party code on the host and may require elevated privileges. The skill provides no homepage, publisher reputation, or package verification guidance.
Credentials
The skill requires no environment variables or explicit credentials, which is proportionate for read-only search. However, it logs raw requests and CLI responses in a local file; those logs may contain PII (origin/destination, dates, possibly passenger names if later used) and booking-related URLs. The skill also does not describe how booking (click-to-book) is authenticated or whether payment data is handled — gaps users should consider.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges in metadata. However, runtime instructions cause persistent changes: installing a global npm package and appending execution logs to .flyai-execution-log.json. These are modest persistence actions but do affect the host system and may require elevated permissions (sudo for global npm).
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install red-flights - 安装完成后,直接呼叫该 Skill 的名称或使用
/red-flights触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v3.2.0
red-flights 3.2.0 changelog:
- Enforced strict CLI-only execution: absolutely no knowledge-based or training data answers.
- Formalized "critical execution rules" for all responses, including mandatory output validation with `[Book]({detailUrl})` links.
- Expanded parameter handling for red eye searches, with presets for cheapest, latest, and direct overnight options.
- Added clear fallbacks and scenario playbooks for cases when no red eye flights are found.
- Updated output and formatting guidelines to standardize Markdown tables, brand tags, and language matching.
- Enhanced prerequisites and troubleshooting steps for CLI installation and usage.
元数据
常见问题
red-flights 是什么?
Search red eye flights, overnight flights and late-night departures with after-midnight arrival deals. Also supports: flight booking, hotel reservation, trai... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 43 次。
如何安装 red-flights?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install red-flights」即可一键安装,无需额外配置。
red-flights 是免费的吗?
是的,red-flights 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
red-flights 支持哪些平台?
red-flights 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 red-flights?
由 Yangki Zhang(@ivan97)开发并维护,当前版本 v3.2.0。
推荐 Skills