12306 Old
Review
Audited by ClawScan on May 10, 2026.
Overview
This skill is not obviously malicious, but it handles 12306 login sessions and local cookies with incomplete disclosure and scoping.
Use this only if you are comfortable letting it interact with your 12306 account. Review the code first, install Playwright only from trusted sources, avoid shared environments, delete 12306_cookies.json after use if you do not want a saved session, and require explicit confirmation before any future booking or purchase workflow.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can operate in the context of a real 12306 account, so misuse or misunderstanding could expose account access or enable actions tied to the user's identity.
The client reads 12306 account credential environment variables and drives a login flow, while the supplied metadata declares no required credentials or environment variables.
self.username = username or os.getenv("RAILWAY_12306_USERNAME")
self.password = password or os.getenv("RAILWAY_12306_PASSWORD")
...
self.page.goto(f"{self.base_url}/index/login")
Declare the credential contract clearly, explain exactly when the account is used, and require explicit user approval before any authenticated or account-changing action.
A local cookie file may preserve a logged-in 12306 session; if copied, leaked, or reused unexpectedly, it could expose the user's account session.
The code automatically persists and reloads browser cookies in a local JSON file, but the documentation does not describe retention, file protections, deletion, or limits on reuse.
cookie_file: str = "12306_cookies.json" ... self.page.context.add_cookies(cookies) ... json.dump(self.page.context.cookies(), f, ensure_ascii=False, indent=2)
Store cookies only with explicit consent, protect the file, document how to delete it, and provide an option to disable session persistence.
Automated browser actions could affect the user's 12306 session if expanded beyond search or used without close supervision.
The skill uses browser automation to interact with the 12306 website. This is purpose-aligned, but it means the agent can click controls in an authenticated browser session.
self.browser = playwright.chromium.launch(headless=self.headless) ... search_btn.click()
Keep browser actions user-directed and require confirmation before any booking, purchase, cancellation, or account-changing action.
Users or agents may need to install dependencies manually, which increases the chance of installing the wrong package or using an unreviewed setup path.
The code depends on Playwright, but the supplied install specification is absent and requirements do not declare setup details for this dependency.
from playwright.sync_api import sync_playwright, Page, Browser
Provide a pinned dependency/install specification and document the expected Playwright setup steps.
