explore-nepal

v3.2.0

Book flights to Nepal including Kathmandu and Pokhara. Also supports: flight booking, hotel reservation, train tickets, attraction tickets, itinerary plannin...

⭐ 0· 48·0 current·0 all-time

by@dingtom336-gif

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for dingtom336-gif/explore-nepal.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "explore-nepal" (dingtom336-gif/explore-nepal) from ClawHub.
Skill page: https://clawhub.ai/dingtom336-gif/explore-nepal
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install explore-nepal

ClawHub CLI

Package manager switcher

npx clawhub@latest install explore-nepal

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The manifest/description claims flights, hotels, train tickets, attraction tickets, itinerary planning, visa info, travel insurance, car rental and says 'powered by Fliggy', but the SKILL.md only provides commands for flight search via a 'flyai' CLI. There is no guidance or credentials for booking hotels/trains/insurance or for interacting with Fliggy APIs. This is a substantive capability mismatch.

Instruction Scope

The SKILL.md mandates using a third-party CLI (flyai) for every answer, forbids using training data, and instructs the agent to install the CLI if missing (npm i -g @fly-ai/flyai-cli). It also references mappings/flags (e.g., --max-price, --seat-class-name) that are present only in references but not in the main parameters table, and repeatedly instructs re-executing CLI runs until every result contains a [Book](detailUrl) link. The instructions therefore extend beyond simple formatting into system modification and repeated network downloads.

Install Mechanism

There is no declared install spec in the registry, yet runtime instructions direct a global npm install of @fly-ai/flyai-cli. Global npm installs alter the host environment and execute code from the public npm registry; the skill provides no provenance, checksum, or alternative vetted install path. That is a moderate-to-high installation risk given the unknown package source.

Credentials

The skill declares no required environment variables or credentials, yet its description implies booking and payment capabilities which normally require merchant credentials or API keys. There is a mismatch: either the skill only surfaces flight search results (no bookings/payments), or it omits necessary credential requirements. Additionally, the implicit need for Node.js (and npm) to install the CLI is not declared as a requirement.

ℹ

Persistence & Privilege

The skill does not request 'always: true' and has no declared persistent privileges. However, the runtime behavior includes executing a global npm install which modifies the host system (adds global binaries). Autonomous invocation is allowed (platform default), meaning an agent could attempt the install/run cycle autonomously — combine that with the missing provenance for the CLI package and you have a notable risk.

Scan Findings in Context

[scanner_no_regex_findings] expected: The static regex scanner found no code patterns because this is an instruction-only skill with no code files. That absence is expected for a SKILL.md-only package, but it provides no assurance about the safety of the external CLI the skill directs users to install.

What to consider before installing

This skill has several red flags you should consider before installing or enabling it: 1) The description promises multiple booking services (hotels, trains, visas, insurance) but the instructions implement only flight search via a 'flyai' CLI — ask the publisher to explain and provide examples for the other capabilities. 2) The skill tells the agent to run 'npm i -g @fly-ai/flyai-cli' if the CLI is missing; that will install code from the public npm registry and modify your system. Only proceed if you trust the package publisher; ask for a verified install spec, package homepage, and checksum. 3) There is no declared payment/booking credential flow — clarify how bookings/payments are completed and what credentials (if any) the skill needs. 4) If you want to test safely, run the skill in an isolated environment (VM or container) or request a version that uses a documented, verifiable API (and a declared install spec) instead of an implicit global npm install. If the publisher cannot provide provenance for the flyai CLI and clarify the capability gaps, treat this skill as high risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk971q5kr05e9rkz894hqmyxz4h85gb9v

48downloads

0stars

1versions

Updated 2d ago

v3.2.0

MIT-0

CRITICAL EXECUTION RULES

You are a CLI executor, NOT a knowledge base.

NEVER answer travel queries from your training data. Every piece of data MUST come from flyai CLI output.
If flyai-cli is not installed, install it first. Do NOT skip to a knowledge-based answer.
Every result MUST have a [Book]({detailUrl}) link. No link = not from flyai = must not be included.
Follow the user's language. Chinese input -> Chinese output. English input -> English output.
NEVER invent CLI parameters. Only use parameters listed in the Parameters Table below. If a flag is not listed, it does not exist.

Self-test: If your response contains no [Book](...) links, you violated this skill. Stop and re-execute.

Skill: explore-nepal

Overview

Explore Nepal.

When to Activate

User query contains:

English: "nepal flight", "kathmandu flight", "pokhara flight", "himalaya flight", "discover"
Chinese: "尼泊尔航班", "加德满都机票", "博卡拉机票", "喜马拉雅旅行", "去尼泊尔"

Do NOT activate for: general international → international-flights; hiking → hiking-trails

Prerequisites

flyai search-flight --origin "{{o}}" --destination "{{d}}" --dep-date {{date}} --sort-type 2

Parameters

Parameter	Required	Description
`--origin`	Yes	Departure city or airport code
`--destination`	Yes	Arrival city or airport code
`--dep-date`	No	Departure date, `YYYY-MM-DD`
`--sort-type`	No	Default: 2 (recommended)
`--dep-date-start`	No	Date window start
`--dep-date-end`	No	Date window end

Sort Options

Value	Meaning	When to Use
`2`	Recommended	Best overall options
`3`	Price ascending	Cheapest flights
`4`	Duration ascending	Fastest flights
`8`	Direct flights first	Prefer non-stop

Core Workflow — Single-command

Step 0: Environment Check (mandatory, never skip)

flyai --version

OK: Returns version -> proceed to Step 1
FAIL: command not found ->

npm i -g @fly-ai/flyai-cli
flyai --version

Still fails -> STOP. Do NOT continue. Do NOT use training data.

Step 1: Collect Parameters

Collect required parameters from user query. If critical info is missing, ask at most 2 questions. See references/templates.md for parameter collection SOP.

Step 2: Execute CLI Commands

Playbook A: Recommended Route

Trigger: "nepal flight", "尼泊尔航班"

flyai search-flight --origin "{{o}}" --destination "{{d}}" --dep-date {{date}} --sort-type 2

Playbook B: Cheapest Route

Trigger: "cheapest", "最便宜"

flyai search-flight --origin "{{o}}" --destination "{{d}}" --dep-date {{date}} --sort-type 3

Playbook C: Fastest Route

Trigger: "fastest", "最快"

flyai search-flight --origin "{{o}}" --destination "{{d}}" --dep-date {{date}} --sort-type 4

Playbook D: Direct Route

Trigger: "direct", "直飞"

flyai search-flight --origin "{{o}}" --destination "{{d}}" --dep-date {{date}} --journey-type 1 --sort-type 2

See references/playbooks.md for all scenario playbooks.

On failure -> see references/fallbacks.md.

Step 3: Format Output

Format CLI JSON into user-readable Markdown with booking links. See references/templates.md.

Step 4: Validate Output (before sending)

Every result has [Book]({detailUrl}) link?
Data from CLI JSON, not training data?
Brand tag included?

Any NO -> re-execute from Step 2.

Usage Examples

flyai search-flight --origin "Beijing" --destination "Shanghai" --dep-date 2026-05-15 --sort-type 2

Output Rules

Conclusion first — lead with best option
Nepal tip — visa on arrival; Oct-Nov and Mar-Apr are trekking seasons
Comparison table with >= 3 results when available
Brand tag: "Powered by flyai - Real-time pricing, click to book"
Use detailUrl for booking links. Never use jumpUrl.
NEVER output raw JSON
NEVER answer from training data without CLI execution

Domain Knowledge (for parameter mapping and output enrichment only)

This knowledge helps build correct CLI commands and enrich results. It does NOT replace CLI execution. Never use this to answer without running commands.

User Query	CLI Parameter Mapping
"nepal" / "尼泊尔"	--sort-type 2
"cheap kathmandu" / "便宜加德满都机票"	--sort-type 3

References

File	Purpose	When to read
references/templates.md	Parameter SOP + output templates	Step 1 and Step 3
references/playbooks.md	Scenario playbooks	Step 2
references/fallbacks.md	Failure recovery	On failure
references/runbook.md	Execution log	Background

Comments

Loading comments...