HANHANLI
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is relevant to hotel comparison, but it asks the agent to build persistent user and family profiles from travel behavior with unclear real-world consent, storage, and sharing boundaries.
Install only if you want a hotel assistant that may personalize results from remembered travel behavior. Before using it with real plans or family information, ask the agent what it will store, turn off history learning or family sharing unless needed, and avoid providing payment, contact, health, or highly private travel details unless clear deletion and sharing controls are available.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Your travel searches and preferences could be remembered and reused later, including in ways you did not explicitly approve.
This directs the agent to record interactions, update a model, and store user profiles across sessions. For a hotel skill, that can include travel plans, budgets, dates, preferences, and family needs.
实时学习流程 ... 5. 记录本次交互数据 6. 分析学习点,更新模型 7. 存储更新后的档案
Use only if you are comfortable with persistent personalization. The skill should require explicit opt-in, show what is stored, define retention, and offer clear deletion/reset controls.
Different household members could be inferred, profiled, or linked based on conversation and environment signals, creating privacy and misidentification risks.
The skill proposes identifying different users through behavior, session, device, or environment signals, which expands profiling beyond information the user explicitly provides.
隐式识别: - 对话风格和用语习惯 - 搜索和筛选模式 ... 会话关联: - 会话ID关联 - 设备/环境识别
Require explicit identity confirmation before loading or updating any profile, avoid device/environment fingerprinting, and keep household profiles separate unless each person opts in.
Private travel interests or preferences may be exposed to other family members if sharing is enabled or misunderstood.
The example profile defaults to sharing search history and preferences inside a family account. Shared travel searches and preferences can reveal private plans, budgets, relationships, or special needs.
"sharing_preferences": { "share_search_history": true, "share_preferences": true, "share_booking_history": false }Default family sharing should be off, and the agent should ask before sharing each category of history, preferences, or booking-related information.
Users may overtrust the skill’s privacy protections and share sensitive travel or family information without verified safeguards.
The artifact makes strong privacy and safety assurances, but the supplied files mostly contain instructions and pseudocode rather than implemented access control, encryption, retention, or deletion enforcement.
严格数据隔离,保护个人隐私 ... 现在可以安全地推荐给家人使用
Reword privacy claims as design goals unless implemented, and clearly explain what the current skill can and cannot enforce.
The agent might fetch a web page as part of using the skill; this appears related to the hotel/package-analysis purpose but should remain user-directed.
The file embeds raw tool-call-like markup outside a normal code fence. The destination is relevant to package price checking, but this format could encourage unintended tool invocation by an agent.
<|DSML|function_calls> <|DSML|invoke name="web_fetch"> ... https://www.shanghaidisneyresort.com/tickets/
Keep tool calls as plain examples or fenced code, and require the user’s search context before any live web fetch.