ClawHub

HK Transit ETA

v1.0.1

Query Hong Kong bus ETA/stop data and MTR heavy rail ETA from natural-language transport questions using official KMB/LWB, Citybus, and MTR open-data endpoin...

0· 113·0 current·0 all-time
by@jimpang8
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name and description (HK bus/MTR ETA) match the implementation: the script queries KMB/Long Win, Citybus, and MTR open-data endpoints and includes mappings for operators/lines. The required resources (no env vars, no external credentials) are proportionate to the described task.
Instruction Scope
SKILL.md confines runtime steps to running the bundled Python script and parsing user queries; it does not instruct the agent to read unrelated files, access secrets, or call unknown endpoints. The script itself performs only HTTP requests to official transit/open-data endpoints and CSV parsing, which matches the skill's stated scope.
Install Mechanism
There is no install spec (instruction-only with an included script). No remote downloads or archive extraction are present in the metadata. The script uses Python's standard library urllib to fetch data from public APIs; this is expected for the task.
Credentials
The skill requires no environment variables, credentials, or config paths. The script makes unauthenticated calls to public open-data endpoints; no secret access or unrelated credentials are requested.
Persistence & Privilege
The skill is not marked always:true and is user-invocable only. The code uses in-memory caching (lru_cache) and does not appear to persist data or modify other skill/system configurations. Autonomous invocation is allowed by default but is not unusually privileged here.
Assessment
This skill appears coherent: it ships a Python script that queries official HK transit open-data endpoints (data.etabus.gov.hk, rt.data.gov.hk, opendata.mtr.com.hk) and needs no credentials. Before installing, review the full script yourself (or run it in a sandbox) to confirm there are no hidden network calls or filesystem writes beyond what you expect. Confirm network access is acceptable (the script will make outbound HTTP(S) requests). If you need stronger assurance, provide the complete (non-truncated) source for review or run the script with network monitoring to observe which hosts it contacts. Also avoid running third‑party scripts as a privileged user.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f2gbv0qyy25f4yjw91nr09983en99

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments