Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
旅行智能助手
v1.0.0AI智能旅行助手套装,包含行程规划、目的地指南、预算管理、签证办理、天气打包等一站式旅行服务。Invoke when user needs comprehensive travel planning, itinerary creation, destination information, budget calc...
⭐ 1· 41·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description (travel assistant: itinerary, visas, budget, weather) align with the included code and sub-skills; requiring only python3 is proportionate. However the SKILL.md repeatedly demands 'real data' and cites external data sources (OpenWeatherMap, VFS, etc.), while the shipped modules use embedded static databases and simulated/random weather data rather than live API calls — an inconsistency between claimed capability and actual implementation.
Instruction Scope
Runtime instructions describe orchestrating five sub-skills and referencing external authoritative sources, but the actual code calls local service classes that read in-memory data structures and generate randomized forecasts. The SKILL.md's constraints ('must be based on real data', 'do not invent visa policies/prices') conflict with code that does not appear to fetch live data or verify sources at runtime — a scope mismatch that could mislead users if they expect real-time authoritative information.
Install Mechanism
No install spec (instruction-only) and the only runtime requirement is python3. That minimizes installation risk — the package ships Python files but doesn't declare downloads from remote/unknown URLs or create system-wide artifacts.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. Given the described features (which could use API keys), the absence of requested credentials matches the shipped implementation (local/static data).
Persistence & Privilege
Registry flags do not request always:true or elevated persistence. The skill does not attempt to modify other skills or system settings based on the provided files.
What to consider before installing
This package looks like a coherent offline/prototype travel assistant: it includes local Python modules for itinerary, visa, budget and weather logic and does not request any credentials or perform network calls. Important caveats to consider before using it as an authoritative tool: (1) SKILL.md promises recommendations 'based on real data' and cites external providers, but the included code uses static databases and randomized weather — verify any visa/price/schedule info against official sources before acting on it; (2) if you expect live, up-to-date weather, price monitoring, or visa lookups, ask the maintainer or review the code to see how/when it will be wired to real APIs (that would require API keys and network access); (3) because source is 'unknown', prefer running this in a sandboxed environment if you plan to execute the Python scripts, and review the omitted/truncated files for any network logic before granting it broader runtime permissions.Like a lobster shell, security has layers — review code before you run it.
latestvk974mnsetkf3he2b54sy1k5gs983xd4b
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
✈️ Clawdis
Binspython3