12306 Conflict

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill appears to automate 12306 login and ticket search, but it uses account credentials and stores session cookies without clearly declaring or documenting that sensitive access.

Review this skill carefully before installing. It is not showing clear malicious behavior, but it can interact with a real 12306 account and save reusable login cookies locally. Use it only if you understand where credentials and cookies are stored, and delete 12306_cookies.json when you no longer want the session retained.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing or running the skill may give the agent access to a real 12306 account session and leave reusable login cookies on disk.

Why it was flagged

The client reads 12306 account credentials and writes browser session cookies to a local JSON file, while the supplied metadata declares no required env vars or primary credential and the docs do not explain cookie retention or protection.

Skill content
self.username = username or os.getenv("RAILWAY_12306_USERNAME")
self.password = password or os.getenv("RAILWAY_12306_PASSWORD")
...
json.dump(self.page.context.cookies(), f, ensure_ascii=False, indent=2)
Recommendation

Only use this with a dedicated account if possible, avoid storing long-lived cookies, document the required credentials, and add clear cleanup instructions for 12306_cookies.json.

What this means

The agent can open the 12306 website and perform automated login/search actions in a browser session.

Why it was flagged

The skill uses Playwright to control a live browser session on 12306. This is purpose-aligned for ticket automation, but it means the agent can interact with a real service account.

Skill content
self.browser = playwright.chromium.launch(headless=self.headless) ... from_input.fill(from_station) ... search_btn.click()
Recommendation

Require explicit user approval before any account action beyond search, and keep a human in the loop for login, booking, payment, or changes.

What this means

Users may not know what credentials or dependencies are required before running the skill.

Why it was flagged

SKILL.md points users to a .env.example file for required environment variables, but that file is not present in the manifest, and the registry metadata declares no env vars.

Skill content
See the `.env.example` file for the required environment variables.
Recommendation

Add a reviewed .env.example, declare required environment variables and dependencies, and document exactly how credentials are used.