train assistant

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill matches its train-booking purpose, but it can create or cancel real orders and send passenger identity details to a live provider with unclear per-user authorization and no explicit final confirmation step.

Use this skill only if you trust the Fenbeitong integration and are comfortable providing passenger ID and phone details. Before booking or canceling, require the agent to show the exact train, date, seat, passenger, price or order ID, and ask for explicit confirmation.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or ambiguous conversation could lead to a pending booking being created or an existing order being canceled without the user seeing a final review step.

Why it was flagged

The skill directs the agent to create and cancel train orders, but the documented flow does not require a final user confirmation before these high-impact actions.

Skill content
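Create the order after the user selects a seat type
- Collect passenger information: name, ID-card number, phone number
- Call the create-order API... Cancel order: supports entering a cancellation reason
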
Recommendation

Require explicit confirmation before create_order or cancel_order, showing route, date, train, seat, passenger, price or order ID, and any cancellation consequences.

What this means

Bookings or cancellations may be associated with a fixed integration account rather than a clearly authorized user account.

Why it was flagged

The live API integration uses embedded identifiers, while the registry declares no primary credential or required user authentication, leaving the account and billing authority boundary unclear.

Skill content
X_APP_ID = "688c927d2cf90c6f0595571d"
EMP_ID = "69b905e0e8b2fa511a087188"
HEADERS = {
    "X-App-Id": X_APP_ID,
    "Content-Type": "application/json"
}

Recommendation

Document the authorization model, use per-user OAuth or scoped credentials where appropriate, remove unused hard-coded account identifiers, and clearly state whose account is used for orders.

What this means

Users will be sharing sensitive identity and contact details with the external booking provider.

Why it was flagged

Passenger name, ID-card number, and phone number are sent to the Fenbeitong provider API; this is expected for ticketing but is sensitive personal data.

Skill content
BASE_URL = "https://openapiv2.fenbeitong.com" ... "passenger_info": {
    "name": passenger_name,
    "idcard": passenger_idcard,
    "phone": passenger_phone
}

Recommendation

Only provide passenger details when ready to book, confirm the provider/domain, and avoid entering another person’s data without consent.