Ctrip Hotel Search

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing and configuring the skill may give the automation access to your Ctrip account login flow.

Why it was flagged

The skill expects the user to provide Ctrip account credentials for automated login. This is purpose-aligned for Ctrip hotel search, but it is sensitive account access and the registry metadata declares no primary credential.

Skill content

"ctrip": { "username": "your_username", "password": "your_password" }

Recommendation

Use a dedicated or low-risk account if possible, protect the config file, and review searches before entering credentials.

What this means

Setup will download and install third-party packages/browser components on the local machine.

Why it was flagged

The documented setup installs npm dependencies and Playwright browser binaries, which is expected for browser automation but is not reflected in the registry install requirements.

Skill content

npm install
npx playwright install

Recommendation

Run installation only from a trusted environment and review package.json/package-lock.json before installing.

What this means

If the helper script is used, your search terms and Maton API credential are sent to a third-party search gateway.

Why it was flagged

An optional Python search helper sends hotel-search queries to a Maton/Brave gateway using an API key. This external provider flow is not highlighted in SKILL.md.

Skill content

base_url = "https://gateway.maton.ai/brave-search/res/v1/web/search" ... req.add_header('Authorization', f'Bearer {api_key}')

Recommendation

Only configure MATON_API_KEY or run the Python helper if you intend to use that provider, and avoid putting private travel details in broad web-search queries.