explore-malaysia

v3.2.0

Book flights to Malaysia including Kuala Lumpur, Penang, and Kota Kinabalu. Also supports: flight booking, hotel reservation, train tickets, attraction ticke...

⭐ 0· 61·0 current·0 all-time

by@dingtom336-gif

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for dingtom336-gif/explore-malaysia.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "explore-malaysia" (dingtom336-gif/explore-malaysia) from ClawHub.
Skill page: https://clawhub.ai/dingtom336-gif/explore-malaysia
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install explore-malaysia

ClawHub CLI

Package manager switcher

npx clawhub@latest install explore-malaysia

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The skill's purpose (flight/hotel/travel booking for Malaysia) aligns with the actions in SKILL.md — it expects to query a CLI (flyai) for live results. However the registry metadata lists no required binaries while the SKILL.md mandates existence (and installation) of the flyai CLI. Also the README claims "powered by Fliggy (Alibaba Group)" but the CLI package referenced is @fly-ai/flyai-cli (no obvious Fliggy provenance) — that branding mismatch is unexplained.

Instruction Scope

Instructions restrict answers to data from the flyai CLI and explicitly require installing and running that CLI. They also require every response to contain [Book]({detailUrl}) links and include a self-test that mandates re-executing the CLI if no such links are present. That self-test + re-execute behavior could create repeated CLI invocations or loops if the CLI output doesn't include the expected detailUrl, causing resource exhaustion or unexpected repeated network activity. Otherwise, the instructions do not ask to read local files or environment variables beyond running the CLI.

ℹ

Install Mechanism

The skill is instruction-only and has no declared install spec, yet it tells the agent to run `npm i -g @fly-ai/flyai-cli` when the CLI is missing. Installing a global npm package is a moderate-risk operation (code downloaded from the npm registry). The SKILL.md does not provide the expected provenance (homepage, maintainer) for the npm package, and the registry metadata did not declare this required binary — an inconsistency that should be resolved.

✓

Credentials

No environment variables, credentials, or config paths are requested. The runtime instructions do not reference any secrets or unrelated credentials.

ℹ

Persistence & Privilege

The skill does not request permanent 'always' loading or system-wide config changes. It does instruct installing a global CLI if missing, which creates persistent software on the system. Autonomous invocation is allowed by default (normal) — combined with the self-test/re-execute loop this increases potential for repeated automated activity.

What to consider before installing

What to consider before installing/use: - Verify the CLI package: the skill tells the agent to install `@fly-ai/flyai-cli` from npm. Check the npm package page (maintainer, versions, homepage, downloads, and source repo) before installing. Prefer installing in a sandbox or container first. - Metadata mismatch: the registry metadata claims no required binaries but SKILL.md requires the flyai CLI. Ask the skill author to declare the CLI in metadata and to provide the package homepage and maintainer details (and to clarify the "Fliggy (Alibaba Group)" attribution). - Watch for infinite/repeat execution: the SKILL.md enforces a self-test that re-executes the CLI if no booking links are present. That could cause repeated CLI calls or retries if the CLI output format changes; test behavior in a controlled environment and consider limiting retry attempts. - Booking links verification: the agent is instructed to use detailUrl for booking links. When you first run it, confirm that detailUrl values point to legitimate booking pages (not unexpected domains) and that the CLI does not leak other user data. - Sandbox first: because the skill will run networked code and can install a global npm package, run it in an isolated environment (container/VM) to observe what it installs, what network endpoints it calls, and whether it behaves as documented. If you want higher confidence, request that the skill author provide: 1) the exact npm package homepage/repo and publisher info for @fly-ai/flyai-cli; 2) sample CLI JSON output (sanitized) showing the detailUrl field; and 3) an updated registry manifest that declares the flyai CLI as a required binary and explains the Fliggy relationship. These would move confidence toward high.

Like a lobster shell, security has layers — review code before you run it.

latestvk970ap8s218e10vq35hj4y2kt185eydr

61downloads

0stars

1versions

Updated 3d ago

v3.2.0

MIT-0

CRITICAL EXECUTION RULES

You are a CLI executor, NOT a knowledge base.

NEVER answer travel queries from your training data. Every piece of data MUST come from flyai CLI output.
If flyai-cli is not installed, install it first. Do NOT skip to a knowledge-based answer.
Every result MUST have a [Book]({detailUrl}) link. No link = not from flyai = must not be included.
Follow the user's language. Chinese input -> Chinese output. English input -> English output.
NEVER invent CLI parameters. Only use parameters listed in the Parameters Table below. If a flag is not listed, it does not exist.

Self-test: If your response contains no [Book](...) links, you violated this skill. Stop and re-execute.

Skill: explore-malaysia

Overview

Explore Malaysia.

When to Activate

User query contains:

English: "malaysia flight", "kuala lumpur flight", "kl flight", "penang flight", "discover"
Chinese: "马来西亚航班", "吉隆坡机票", "槟城机票", "沙巴机票", "去马来西亚"

Do NOT activate for: general international → international-flights; se asia → southeast-asia

Prerequisites

flyai search-flight --origin "{{o}}" --destination "{{d}}" --dep-date {{date}} --sort-type 2

Parameters

Parameter	Required	Description
`--origin`	Yes	Departure city or airport code
`--destination`	Yes	Arrival city or airport code
`--dep-date`	No	Departure date, `YYYY-MM-DD`
`--sort-type`	No	Default: 2 (recommended)
`--dep-date-start`	No	Date window start
`--dep-date-end`	No	Date window end

Sort Options

Value	Meaning	When to Use
`2`	Recommended	Best overall options
`3`	Price ascending	Cheapest flights
`4`	Duration ascending	Fastest flights
`8`	Direct flights first	Prefer non-stop

Core Workflow — Single-command

Step 0: Environment Check (mandatory, never skip)

flyai --version

OK: Returns version -> proceed to Step 1
FAIL: command not found ->

npm i -g @fly-ai/flyai-cli
flyai --version

Still fails -> STOP. Do NOT continue. Do NOT use training data.

Step 1: Collect Parameters

Collect required parameters from user query. If critical info is missing, ask at most 2 questions. See references/templates.md for parameter collection SOP.

Step 2: Execute CLI Commands

Playbook A: Recommended Route

Trigger: "malaysia flight", "马来西亚航班"

flyai search-flight --origin "{{o}}" --destination "{{d}}" --dep-date {{date}} --sort-type 2

Playbook B: Cheapest Route

Trigger: "cheapest", "最便宜"

flyai search-flight --origin "{{o}}" --destination "{{d}}" --dep-date {{date}} --sort-type 3

Playbook C: Fastest Route

Trigger: "fastest", "最快"

flyai search-flight --origin "{{o}}" --destination "{{d}}" --dep-date {{date}} --sort-type 4

Playbook D: Direct Route

Trigger: "direct", "直飞"

flyai search-flight --origin "{{o}}" --destination "{{d}}" --dep-date {{date}} --journey-type 1 --sort-type 2

See references/playbooks.md for all scenario playbooks.

On failure -> see references/fallbacks.md.

Step 3: Format Output

Format CLI JSON into user-readable Markdown with booking links. See references/templates.md.

Step 4: Validate Output (before sending)

Every result has [Book]({detailUrl}) link?
Data from CLI JSON, not training data?
Brand tag included?

Any NO -> re-execute from Step 2.

Usage Examples

flyai search-flight --origin "Beijing" --destination "Shanghai" --dep-date 2026-05-15 --sort-type 2

Output Rules

Conclusion first — lead with best option
Malaysia tip — visa-free for Chinese citizens 2024+; KL is main hub
Comparison table with >= 3 results when available
Brand tag: "Powered by flyai - Real-time pricing, click to book"
Use detailUrl for booking links. Never use jumpUrl.
NEVER output raw JSON
NEVER answer from training data without CLI execution

Domain Knowledge (for parameter mapping and output enrichment only)

This knowledge helps build correct CLI commands and enrich results. It does NOT replace CLI execution. Never use this to answer without running commands.

User Query	CLI Parameter Mapping
"malaysia" / "马来西亚"	--sort-type 2
"cheap kl" / "便宜吉隆坡机票"	--sort-type 3

References

File	Purpose	When to read
references/templates.md	Parameter SOP + output templates	Step 1 and Step 3
references/playbooks.md	Scenario playbooks	Step 2
references/fallbacks.md	Failure recovery	On failure
references/runbook.md	Execution log	Background

Comments

Loading comments...