travel planner
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: fliggy-travel-planner
Version: 1.0.7
The skill bundle is classified as suspicious primarily due to instructions in SKILL.md that direct the AI agent to execute shell commands via an 'exec' tool (e.g., using curl to fetch data from wttr.in). This pattern introduces a potential shell injection vulnerability if the destination city input is not properly sanitized by the agent. While the scripts (scripts/query_weather.py, scripts/generate_report.py) and browser automation flows (references/browser-flow.md) appear aligned with the stated purpose of travel planning, the instruction to use raw shell execution for network requests is a high-risk practice. No evidence of intentional malice, data exfiltration, or persistence was found. IOCs include wttr.in, api.open-meteo.com, and xiaohongshu.com.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A monitoring job could keep running after the immediate trip-planning request, repeatedly querying travel sites and sending notifications until manually stopped.
This describes a recurring daily background task, but the artifacts do not show an end date, cancellation command, cleanup instructions, or confirmation boundary for ongoing operation.
1. Set up a price-monitoring cron task
2. Query Beijing - Sanya flights every day
...
"schedule": {"kind": "every", "everyMs": 86400000}
Require explicit user confirmation before creating any recurring task, include the monitored route/date/price threshold, set an expiration date, and document how to list and remove the task.
The skill may operate with logged-in travel or social-media sessions, which can expose account-specific pages and preferences during travel research.
The skill may rely on Fliggy account information and browser-profile login sessions for Xiaohongshu/Fliggy. This is purpose-aligned, but users should notice that account sessions are involved.
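Make sure Fliggy account information is configured in `TOOLS.md`. ... The skill uses the built-in browser profile, so no extra configuration is needed. First-time use of Xiaohongshu may require scanning a QR code to log in.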
Use only accounts you are comfortable using for automated browsing, avoid storing unnecessary credentials, and require separate user approval before any booking or purchase action.
Destination, route, and travel-date information may be sent to Xiaohongshu, Fliggy, and weather services, and a local command may be run to fetch weather.
The skill instructs the agent to use browser automation and a shell curl command with trip parameters. This is central to the stated purpose and includes timeouts, but it is still external tool use users should be aware of.
Promise.all([ browser.open(...xiaohongshu...), exec({ command: 'curl -s "wttr.in/{城市名}?format=j1"' ...}), browser.open(...fliggy...) ])
Keep the tool use limited to the requested destination and dates, sanitize user-provided values before constructing shell or URL strings, and avoid including sensitive personal details in search queries.
