ClawHub

ctrip-flight

v1.0.0

Search and compare flight tickets on Ctrip by departure, arrival, date, and cabin class, returning structured flight and price information in JSON format.

0· 51·0 current·0 all-time
by@andrew-707
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the included scripts: the code and data focus on locating airports, parsing Ctrip flight pages, aggregating and outputting JSON. Required capabilities (HTTP requests, parsing) are proportional to the stated goal.
Instruction Scope
SKILL.md explicitly tells the user to obtain an FVP cookie from flights.ctrip.com and paste it into the script's self.cookie variable. That is consistent with the scraping approach but requires editing code and exposing a session cookie in local files; the instructions do not ask the agent to read unrelated system files or other credentials.
Install Mechanism
No install spec; skill is instruction + local scripts only. No external downloads or installers are used, lowering installation risk.
Credentials
The skill needs a Ctrip session cookie to access data; SKILL.md documents this, but the project also ships with a hardcoded FVP cookie default in ctrip_flight.py. Using or embedding session cookies in code is a privacy/operational concern — it would be more appropriate to accept the cookie via a secure environment variable or config file.
Persistence & Privilege
No special persistence or always-enabled flag. The skill runs when invoked and does not request system-level privileges or modify other skills.
Assessment
This skill appears to do what it claims (scraping flights.ctrip.com and returning JSON). Before installing: (1) be aware it scrapes Ctrip and performs network requests to flights.ctrip.com/m.ctrip.com; (2) it uses an FVP session cookie — do not paste sensitive or shared cookies into files you will share; prefer placing your cookie in a local environment variable or config file instead of editing source code; (3) the repository includes a hardcoded cookie default — replace or remove it to avoid acting as another user's session; (4) scraping a website can violate terms of service and may break if Ctrip changes page structure, so test on non-production data and monitor for failures; (5) review the full scripts locally to ensure no unexpected outgoing endpoints or telemetry are added before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk971qb5ev6cew3rz6cpbted7k983y3zp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments