Tuniu Hotel Booking Skill

Suspicious. Audited by ClawScan on May 10, 2026.

Overview

The skill matches its hotel-booking purpose, but it asks the agent to build and run raw curl shell commands using user-provided details, which could be unsafe if inputs are not carefully escaped.

Review this skill before installing. It is not clearly malicious, but it should be improved to avoid raw shell interpolation of user-provided fields. Use it only with a trusted Tuniu API key and endpoint, and require explicit confirmation before creating any booking order.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (Medium Confidence)
ASI02: Tool Misuse and Exploitation
What this means

A malicious or malformed city, hotel, guest, or contact value could make the agent run something other than the intended hotel API request.

Why it was flagged

The agent is instructed to compose shell commands by substituting user-provided hotel search and booking fields into curl JSON bodies. Without explicit escaping or structured request construction, quotes or shell metacharacters in user input could break the command and cause unintended local command execution.

Skill content
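Execute **curl** via **shell exec** ... all parameters are placeholders; when calling, fill in actual values **according to the user's current needs** ... -d '{..."cityName":"<city specified by the user>"...}'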
Recommendation

Use a structured HTTP tool or a helper that JSON-serializes inputs safely instead of raw shell strings. If shell use remains necessary, explicitly escape every user-controlled value and require review before execution.

What this means

If invoked with the wrong hotel, dates, room, or guest details, it could create an unwanted booking order.

Why it was flagged

The skill can create an external hotel booking order using user contact and guest information. This is aligned with the booking purpose, but it is a high-impact action.

Skill content
Create the hotel booking order after the user confirms ... Create order (tuniu_hotel_create_order) ... contactName, contactPhone
Recommendation

Before calling the order-creation tool, confirm the hotel, room, dates, price, cancellation/payment terms, guest names, and contact phone with the user.

What this means

Anyone or any process with access to the key could potentially use the Tuniu API under that credential.

Why it was flagged

The skill sends a Tuniu API key in request headers. This is expected for the integration, but it grants delegated access to the provider API.

Skill content
apiKey: $TUNIU_API_KEY ... -H "apiKey: $TUNIU_API_KEY"
Recommendation

Store the API key securely, scope it as narrowly as Tuniu allows, avoid sharing logs that include it, and rotate it if exposure is suspected.

What this means

Guest and contact details will be shared with the external Tuniu service when making a booking.

Why it was flagged

The skill clearly discloses that booking sends personal information to a remote MCP service. This is purpose-aligned, but it is sensitive data crossing a provider boundary.

Skill content
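The booking feature sends the **personal information** provided by the user (contact name, mobile number, guest names, etc.) via HTTP POST to the remote Tuniu MCP service (`https://openapi.tuniu.cn/mcp/hotel`)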
Recommendation

Only provide booking personal information if you trust the Tuniu endpoint and understand its privacy handling; avoid configuring a custom MCP URL unless it is trusted.