!
Purpose & Capability
Name/description match the implementation: the script queries http://bus.yanjibus.com and prints route + realtime vehicle data. However, the registry metadata declares no required binaries, while the script clearly depends on curl and python3; this omission is inconsistent with the implementation and may mislead users about runtime requirements.
!
Instruction Scope
SKILL.md instructs the agent to run the included bash script, which fetches HTML/JSON from bus.yanjibus.com and parses it. The script embeds two sources of untrusted input (BUS_DATA from the remote HTTP response and user-supplied --from/--to values) directly into the Python -c source as triple-quoted string literals without escaping. That creates a realistic remote/user-controlled code-injection / arbitrary-Python-execution risk if the fetched data or parameters contain quote sequences or crafted payloads.
✓
Install Mechanism
No install spec — instruction-only with an included script. Nothing is downloaded or written during install, which is proportionate to the stated purpose.
✓
Credentials
The skill requests no environment variables, credentials, or config paths, which aligns with its stated purpose of querying a public bus site.
✓
Persistence & Privilege
The skill does not request permanent presence (always:false) and does not modify other skills or system configs. Autonomous invocation is allowed by default but is not combined with other privilege escalation signals.
What to consider before installing
This skill appears to implement the advertised bus-query functionality, but you should be cautious before running it: (1) the metadata omits required binaries — ensure curl and python3 are available; (2) the script embeds the remote JSON (and user-supplied station names) directly into an inlined Python program without escaping, which could allow arbitrary Python code execution if the remote site or inputs are malicious or if an attacker can tamper with the HTTP responses; (3) only use this skill if you trust the bus.yanjibus.com host or run it in an isolated/sandboxed environment. If you plan to install or run it, consider patching the script to avoid embedding untrusted data into source (e.g., pass BUS_DATA via stdin or a temporary file and use json.load, and safely escape or validate user inputs), and update the skill metadata to list required binaries.