12306 Train Query
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may create or overwrite a local output file if directed to a path the process can write.
The skill can create local HTML output files and allows a user-selected output path. This is expected for the documented reporting feature, but it is still local file-writing authority.
HTML mode (default): writes file, prints path to stdout ... `-o, --output <path>`: Output file path, html mode only
Use the default output location or a temporary directory, and avoid asking it to write to important system or personal files.
It is harder to verify who maintains the skill or compare the installed artifact against an upstream project.
The registry metadata does not provide a clear upstream source or homepage, which limits independent provenance verification even though the visible code is coherent.
Source: unknown; Homepage: none
Install only if you trust the registry publisher, and re-check the skill contents on future updates.
Cached station data can affect later lookups until it expires or is refreshed, but it does not appear to contain personal user data.
The skill persists downloaded station metadata for seven days and reuses it for station-name resolution.
const CACHE_FILE = join(__dirname, '..', 'data', 'stations.json'); const CACHE_TTL = 7 * 24 * 3600 * 1000;
Delete the cache or force a refresh if station results look stale or incorrect.