Skill v1.0.0
ClawScan security
qunar-travel-query · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 2, 2026, 1:42 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's code implements travel queries as described, but there are inconsistencies around how the API key is named/accessed and an undeclared dependency that make the credential handling and runtime requirements unclear — this could lead to runtime failures or accidental exposure of the API key to arbitrary endpoints.
- Guidance: This skill appears to implement Qunar travel queries, but there are two things you should check before installing or enabling it:
  1) Credential mapping mismatch: The SKILL.md tells you to configure a credential named 'qunar_api_key', but the script reads an environment variable named COZE_QUNAR_API_KEY_7612643102733467667. Confirm with the platform how credentials are mapped to environment variables; if the platform does not automatically set COZE_QUNAR_API_KEY_7612643102733467667 from your 'qunar_api_key' entry, the skill will fail. Do not paste your real API Key into an arbitrary text field unless you understand where it will be stored.
  2) Endpoint / exfiltration risk: The script will send your API Key in the Authorization header to whatever api_endpoint is provided. Only use official, documented Qunar endpoints. If you or the agent accidentally supply a malicious endpoint, your API Key could be leaked. Prefer hard-coding or whitelisting known official endpoints in agent logic, or restrict network egress in the runtime environment.
  Additional practical steps:
  - Verify the source (this package lists no homepage and the source is 'unknown'); prefer skills from known/trusted publishers.
  - Confirm the runtime has the 'coze_workload_identity' dependency (or replace it with a standard requests library) and declare dependencies explicitly.
  - If you must test, do so in a sandboxed environment with network controls and a test/limited API Key that can be revoked.
  - If unsure, ask the skill author to (a) document exact env var name(s) the script expects, (b) declare dependencies, and (c) restrict or validate api_endpoint values.
Review Dimensions
- Purpose & Capability (ok): The name, description, SKILL.md, script (scripts/qunar_query.py) and reference docs all align: they implement queries for flights, hotels, scenic spots and trains against Qunar APIs. The script's CLI and the documented endpoints match the stated purpose.
- Instruction Scope (note): Instructions stay within the travel-query scope and instruct the agent to collect parameters and call the included script. However the SKILL.md allows (and requires) the agent/user to supply arbitrary api_endpoint values; the script will send the API Key in an Authorization header to whatever endpoint is provided. The credential configuration flow is described at a high level but lacks exact mapping details (see environment_proportionality).
- Install Mechanism (note): There is no install spec (instruction-only), which minimizes install-time risk. The code imports an unusual module: 'coze_workload_identity' (from coze_workload_identity import requests). That dependency is not declared anywhere and may not be present in runtime environments, causing failures or unexpected behavior if resolved by other means.
- Credentials (concern): Metadata declares no required env vars, but the script expects a specific environment variable named COZE_QUNAR_API_KEY_7612643102733467667. SKILL.md tells users to configure a credential named 'qunar_api_key'; these names do not match. This mismatch is a red flag: either the platform will map 'qunar_api_key' -> COZE_QUNAR_API_KEY_<id> (possible but unstated), or the script will fail. Also, because the script accepts arbitrary api_endpoint values, a misconfigured or malicious endpoint could receive the API Key (exfiltration risk).
- Persistence & Privilege (ok): The skill does not request 'always: true' and will not be force-included. It does not attempt to change other skills or system configs. No elevated persistence or unusual privileges are requested.
