机票助手 (Flight Ticket Assistant)
Warn
Audited by ClawScan on May 10, 2026.
Overview
The flight assistant mostly matches its travel-booking purpose, but it handles real account actions and passenger identity data with unsafe credential storage, disabled HTTPS certificate checks, and unmasked PII output.
Only install this if you trust the flight-service provider and are comfortable authenticating by phone/SMS and sending passenger identity details to the external API. Before use, confirm every booking, cancellation, change, or refund action, avoid untrusted networks until TLS verification is fixed, and consider deleting the temp auth file after use.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Someone or something with access to that temp file could potentially reuse the flight-service credential to act on the user's travel account.
The skill stores an account API key and phone number in a temp-directory JSON file for 90 days, then automatically reloads that key for future booking, refund, cancellation, and change operations.
    def get_auth_file_path():
        return get_temp_file_path(".fbt_auth.json")
    ...
    "apiKey": api_key,
    "phone": phone,
    "expire_days": 90

Declare the credential requirement, store tokens in a per-user secure location with restrictive permissions or a keychain, provide logout/revocation guidance, and disclose the exact storage path.
On an unsafe network or misconfigured environment, sensitive data or account-changing requests could be sent to or intercepted by the wrong service.
All API calls can be redirected by an undeclared environment variable, and HTTPS certificate verification is explicitly disabled while sending API keys, passenger data, and order actions.
    return os.environ.get("FBT_API_URL", "https://app-gate.fenbeitong.com/air_biz/skill/execute")
    ...
    context = ssl._create_unverified_context()
    with urllib.request.urlopen(req, context=context) as response:

Use normal certificate verification, restrict or remove the endpoint override, and clearly declare any configurable API endpoint.
Passenger identity information may be unnecessarily retained in the conversation transcript or local logs.
The booking script prints full passenger name, phone number, and identity document number into command output, which can become chat/context/log data.
    print(f"乘客姓名: {passenger_name}")
    print(f"乘客手机号: {passenger_phone}")
    print(f"乘客证件号: {passenger_id}")

Do not echo full ID numbers or phone numbers; mask sensitive fields in outputs and logs.
A stale or altered temp file could cause the agent to book a different fare or flight option than the user intended.
Order creation trusts a generic temp file created by a prior price lookup, with no visible session binding, expiry, or integrity check before using it to create an order.
    seat_items_file = get_temp_file_path("flight_seat_items.json")
    ...
    order_data = {
        **seat_item_copy,
    }

Use session-scoped state, validate the selected flight/fare with the user immediately before mutation, expire temp files, and protect or sign saved selection data.
