Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
机票购票助手
v1.0.0
Hotel aggregation assistant that integrates multiple hotel data sources (分贝通, 携程, 美团, 同程, 华住会, 锦江 and others) and provides unified hotel search, room-type lookup, and booking services. Invoke when user wants to search hotels across multiple platforms or aggregate hotel data from vario...
⭐ 0 · 63 · 0 current · 0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Metadata/name/slug mismatch: the top-level name is '机票购票助手' (literally "air-ticket purchasing assistant") and the registry slug is 'air-ticket-helper', but the SKILL.md, file names, and code implement a hotel aggregation service (multiple Chinese hotel platforms). This discrepancy is a strong incoherence signal (mislabeling or misdirection). Additionally, SKILL.md mandates calling multiple platform APIs to fetch real data, yet the skill declares no required credentials or environment variables that would normally be needed to authenticate to those APIs.
Instruction Scope
SKILL.md stays within the stated (hotel aggregation) domain: it instructs to call platform APIs, aggregate results, and not fabricate data. It does not instruct reading unrelated local files or exfiltrating environment data. However, it omits any guidance about how API credentials are supplied or stored, and states '必须调用各平台API获取真实数据' ("must call each platform's API to obtain real data") even though the code contains placeholder TODOs for the actual API calls; the runtime behavior is therefore underspecified.
Install Mechanism
No install spec (instruction-only), which is lower-risk, but two Python scripts are included and the skill requires python3. That means executing unvetted Python code from an unknown source if the agent runs these files. There are no external downloads or installers declared.
Credentials
The skill will call third-party hotel APIs (DATA_SOURCES list with real-looking base URLs), which normally require API keys/authentication, yet the skill declares no required env vars, no primary credential, and no config paths. Requesting no credentials while demanding live API calls is disproportionate and inconsistent with the declared purpose. This gap could force an integrator to insert secrets manually into code or runtime — a risky pattern.
Persistence & Privilege
No always:true flag, no required config paths, and no declared behavior to modify agent-wide settings. Autonomous invocation is enabled (default) but that is expected and not, by itself, a red flag here.
What to consider before installing
Do not install or run this skill until the author clarifies provenance and fixes the mismatches. Specific actions to consider:
- Clarify the intended purpose: why is the skill named 'air-ticket-helper' while all materials and code implement hotel aggregation? This may be a packaging error or intentional mislabeling.
- Ask how platform credentials are provided and stored. The SKILL.md mandates calling multiple platform APIs but the package declares no required env vars; supplying secrets may require editing code which increases risk.
- Inspect the Python files yourself (or have someone you trust do it). Although no obvious exfiltration code is present, these are arbitrary scripts that perform network requests, and running them executes unvetted code.
- If you must test, run in an isolated sandbox or container with no access to sensitive environment variables or host credentials, and do not provide real API keys until you confirm behavior.
- Prefer skills that declare required credentials and installation steps transparently and have a clear, matching name and documentation.
If the author provides a corrected package (matching name/slug/description, explicit env var requirements for API keys, and completed API implementations), reassess. Currently the inconsistencies warrant caution.
latestvk9728sw54e82wxjztcjc80ve9s83xdp0
Runtime requirements
🏨 Clawdis
Bins: python3
