Self-drive Travel Roadbook

Pass. Audited by ClawScan on May 7, 2026.

Overview

This instruction-only travel roadbook skill appears coherent, but it handles local photos/files and uses external mapping services.

Before installing, make sure you are comfortable with the agent organizing local trip photos, writing to the specified Desktop paths, and sending route coordinates to public mapping services. Consider changing the hard-coded paths to your own folders and asking for confirmation before file-copy or rename operations.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The agent may copy private photos from the local cache and rename trip images on disk.

Why it was flagged

The skill instructs the agent to copy and rename local image-cache files into a persistent Desktop folder. This is purpose-aligned for photo archiving, but it mutates local files and should be user-confirmed.

Skill content

Immediately copy to the unified photo directory: `/mnt/c/Users/zhou/Desktop/目的地+自驾_全部照片/` ... Rename format: `DayX_景点_序号.jpg`

Recommendation

Use it only for the intended trip photos, verify the destination folder first, and ask the agent to preview file operations before copying or renaming.

What this means

External routing services may receive trip start/end coordinates and infer parts of the itinerary.

Why it was flagged

Route coordinates are sent to an external OSRM routing service to obtain road geometry. This is disclosed and central to the map-generation purpose, but travel routes can be personal location data.

Skill content

Use the OSRM API to obtain real road coordinates ... `https://router.project-osrm.org/route/v1/driving/`

Recommendation

Avoid using sensitive private routes with the public OSRM endpoint, or use a trusted/self-hosted routing service if location privacy matters.

What this means

Opening the generated map can fetch and run third-party map JavaScript in the browser.

Why it was flagged

The generated map HTML loads Leaflet from a public CDN. This is common and purpose-aligned for an interactive map, but it means opening the generated HTML depends on remote third-party JavaScript.

Skill content

`<script src="https://unpkg.com/leaflet@1.9.4/dist/leaflet.js"></script>`

Recommendation

If offline use or supply-chain control is important, pin trusted local copies of map libraries or add integrity controls.