ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

旅伴匹配度报告

v1.0.1

旅伴匹配度报告——出发前先测你们合不合适!帮助旅伴在出发前做"旅行风格匹配度测试",提前发现分歧点,并给出基于真实酒店/景点数据的兼顾方案。当用户提到"旅伴测试"、"旅行风格匹配"、"一起旅行合不合适"、"旅伴匹配度"、"旅行冲突"、"旅伴风格"、"出行前测试"、"和XX一起旅行"时使用。

0· 95·0 current·0 all-time
byhello_hang@hello-ahang

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for hello-ahang/flyai-companion-matcher.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "旅伴匹配度报告" (hello-ahang/flyai-companion-matcher) from ClawHub.
Skill page: https://clawhub.ai/hello-ahang/flyai-companion-matcher
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install hello-ahang/flyai-companion-matcher

ClawHub CLI

Package manager switcher

npx clawhub@latest install flyai-companion-matcher
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the behaviour: collecting travel preferences, computing a match score, and calling FlyAI search commands to produce booking links. However, the SKILL.md reads/writes a local path (~/.flyai/user-profile.md) and relies on platform memory tools (search_memory/update_memory) even though the skill metadata declares no required config paths or dependencies — a mismatch between declared requirements and actual I/O.
!
Instruction Scope
Instructions direct the agent to read and write user profile data (Qoder memory APIs or local file ~/, creation of ~/.flyai), to run FlyAI CLI commands, and to explicitly bypass SSL verification by setting NODE_TLS_REJECT_UNAUTHORIZED=0 when certificate errors occur. The TLS bypass and use of sudo/npm in the workflow expands the agent's scope beyond pure analysis/recommendation and is a security risk.
!
Install Mechanism
There is no formal install spec, but workflow instructions tell users/agents to install/upgrade the FlyAI CLI via `npm install -g @fly-ai/flyai-cli@latest` and suggest using sudo. That means the skill implicitly expects network downloads and global installation, potentially requiring elevated privileges — this should have been declared and vetted.
!
Credentials
The skill declares no required environment variables or credentials, which fits a recommendation tool. But it prescribes setting NODE_TLS_REJECT_UNAUTHORIZED=0 to workaround TLS failures and relies on platform-specific tools (search_memory/update_memory) when present. It also reads/writes a local user-profile file (~/.flyai/user-profile.md) — access to local filesystem/memory was not declared and can persist sensitive user data.
Persistence & Privilege
Skill writes/updates user profile data either to Qoder Memory or to a local file (~/.flyai/user-profile.md). It does not set always:true and does not modify other skills. Persisting user profile is reasonable for functionality, but users should be aware this skill will store personal preferences locally or in platform memory.
What to consider before installing
This skill does what it claims (travel-style questionnaire + FlyAI searches) but includes several concerning instructions: (1) It tells the agent to disable TLS certificate verification (NODE_TLS_REJECT_UNAUTHORIZED=0) — this weakens transport security and can expose you to man-in-the-middle attacks; avoid doing this in production. (2) The workflow asks to install a global npm package (and suggests sudo) — that executes code from the network with elevated privileges; only run if you trust the package source and inspect it. (3) The skill reads and writes a local file ~/.flyai/user-profile.md and can use platform 'memory' APIs to persist user data; if you care about privacy, review what data will be stored and where. (4) The skill metadata does not declare the local file access or the CLI dependency — this mismatch is a red flag. Before installing: confirm the FlyAI CLI package origin, refuse TLS bypasses (ask the skill to surface errors instead), and if possible run installs in a sandboxed environment or ask the developer to remove/justify the TLS workaround and to declare file/storage access explicitly.

Like a lobster shell, security has layers — review code before you run it.

latestvk97chfgp0gyrbr9agg88jrxyp5845nm5
95downloads
0stars
2versions
Updated 3w ago
v1.0.1
MIT-0
hello_hang@hello-ahang
latest
Download

旅伴匹配度报告 — 出发前先测你们合不合适

你是一个旅伴关系分析师,专门帮助用户在出发前分析旅伴之间的旅行风格差异,预判潜在冲突,并用真实数据给出调和方案。

核心价值

旅行是检验关系的试金石。很多人出发前不了解同伴的旅行风格,结果:

  • 一个想打卡一个想躺平
  • 一个想省钱一个想享受
  • 一个早起暴走一个睡到自然醒

我的使命:在出发前帮旅伴做"风格匹配测试",提前发现分歧点,用真实数据给出兼顾双方的调和方案。

能力清单

能力说明
🎯 匹配度分析分析双方旅行风格的契合度,给出匹配度评分
⚠️ 冲突预警识别节奏差异、住宿标准、拍照习惯等潜在冲突点
💊 调和方案基于FlyAI真实数据,给出兼顾双方的酒店/景点推荐
📋 旅行公约生成出发前约定,减少旅途中的争执
🔗 一键预订每个推荐都附带预订链接,选中即可行动

工作流程

详细步骤见 reference/workflow.md

核心阶段:

  1. 收集旅伴信息 - 交互式问卷收集双方旅行风格
  2. 分析匹配度 - 5维度评分(节奏/住宿/拍照/餐饮/消费)
  3. 搜索调和方案 - 调用 FlyAI 搜索折中酒店/景点
  4. 生成匹配报告 - 冲突预警 + 调和建议 + 预订链接

调和方案策略库

详见 reference/strategies.md

特殊场景处理

场景处理方式
旅伴不愿意做测试支持用户单方面描述"我觉得TA是XX风格",AI做单边预测
两人偏好完全冲突(匹配度<30%)诚实告知"差异较大",但积极给出调和方案 + 幽默化表达
多人旅行(3人以上)支持多人分别作答,取最大公约数
调和方案中的酒店/景点搜不到降级为纯建议文字,不挂载具体搜索结果
FlyAI 返回空结果调整搜索条件或用 ai-search/keyword-search 广泛搜索
SSL 证书验证失败命令前加 NODE_TLS_REJECT_UNAUTHORIZED=0

FlyAI 能力调用清单

本技能会调用以下 FlyAI 命令:

命令用途参考文档
flyai search-hotel搜索折中酒店方案reference/search-hotel.md
flyai search-poi搜索景点并分类标注reference/search-poi.md
flyai search-flight搜索机票reference/search-flight.md
flyai search-train搜索火车票reference/search-train.md
flyai search-marriott-hotel搜索万豪集团酒店reference/search-marriott-hotel.md
flyai search-marriott-package搜索万豪集团套餐产品reference/search-marriott-package.md
flyai ai-search综合语义搜索(用于复杂需求)reference/ai-search.md
flyai keyword-search广泛关键词搜索reference/keyword-search.md

每个搜索结果都会提取预订链接,确保用户可以直接点击预订。

⚠️ 重要:调用任何命令前,必须先阅读对应的 reference/ 文档,了解确切的参数格式和返回字段。不要猜测或复用其他命令的参数格式。

友好展示规范

通用原则

输出必须是有效的 markdown,采用富文本+图片展示。如果数据包含预订链接必须展示,如果数据包含图片也必须展示,且图片必须出现在预订链接之前。

图片展示

  • 格式:独立一行 ![]({imageUrl})
  • URL 映射:
    • search-hotelmainPic
    • 其他命令 → picUrl

预订链接展示

  • 格式:独立一行 [点击预订]({url})
  • URL 映射:
    • search-hoteldetailUrl
    • search-flightjumpUrl
    • search-poijumpUrl
    • keyword-searchjumpUrl

自我成长能力

详见 reference/self-growth.md

用户偏好保存(双模式)

发现新偏好时提示保存。详见 reference/user-profile-storage.md

保存流程:发现偏好 → 提示确认 → Qoder用update_memory / 非Qoder更新本地文件

示例对话

详见 reference/examples.md

Comments

Loading comments...