携程酒店搜索
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: ctrip-hotel-search Version: 1.0.0 The skill bundle is a legitimate automation tool designed to search and compare hotels on Ctrip using Playwright and Node.js. It includes modules for automated login (src/login.js), hotel searching (src/search.js), and data extraction (src/details.js). While the skill requires users to provide Ctrip credentials in a local configuration file and utilizes a third-party API gateway (gateway.maton.ai) for Brave Search queries, these behaviors are transparently documented and directly support the stated functionality. No evidence of malicious intent, credential exfiltration, or harmful prompt injection was found across the code or the extensive documentation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and configuring the skill may give the automation access to your Ctrip account login flow.
The skill expects the user to provide Ctrip account credentials for automated login. This is purpose-aligned for Ctrip hotel search, but it is sensitive account access and the registry metadata declares no primary credential.
"ctrip": { "username": "your_username", "password": "your_password" }Use a dedicated or low-risk account if possible, protect the config file, and review searches before entering credentials.
Setup will download and install third-party packages/browser components on the local machine.
The documented setup installs npm dependencies and Playwright browser binaries, which is expected for browser automation but is not reflected in the registry install requirements.
npm install npx playwright install
Run installation only from a trusted environment and review package.json/package-lock.json before installing.
If the helper script is used, your search terms and Maton API credential are sent to a third-party search gateway.
An optional Python search helper sends hotel-search queries to a Maton/Brave gateway using an API key. This external provider flow is not highlighted in SKILL.md.
base_url = "https://gateway.maton.ai/brave-search/res/v1/web/search" ... req.add_header('Authorization', f'Bearer {api_key}')Only configure MATON_API_KEY or run the Python helper if you intend to use that provider, and avoid putting private travel details in broad web-search queries.