ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Korean Booking

v2.1.0

韩国/首尔美容医美预约助手,内置 900+ 家皮肤科/整形医院数据库(BeautsGO 平台)。支持:①按医院名或项目类型(激光/注射/整形)查询预约流程;②直接调用接口提交预约(收集人数/时间/联系方式后 POST,无需浏览器);③打开医院详情页/价格表/在线客服;④中/英/日/泰四语言。触发场景:询问韩国美容...

0· 349·0 current·0 all-time
by@beautsgo·duplicate of @beautsgo/beautsgo-korean-booking·canonical: korean-aesthetic-booking-guide

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for beautsgo/korean-booking.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Korean Booking" (beautsgo/korean-booking) from ClawHub.
Skill page: https://clawhub.ai/beautsgo/korean-booking
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install korean-booking

ClawHub CLI

Package manager switcher

npx clawhub@latest install korean-booking
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description match what the code does: local hospital data + template rendering to produce multi-channel booking instructions. Declared requirements (no env vars, no binaries) align with the code's local-file-based design.
!
Instruction Scope
Runtime entry (api/skill.js) returns the rendered guide but also asynchronously runs a child_process.exec to open the hospital.url in a browser. That behavior goes beyond purely producing text (it triggers a side-effect on the host). Otherwise, instructions and code operate on local files (data/hospitals.json, i18n, templates).
Install Mechanism
There is no install spec; the skill is instruction/code-only. Provided package.json/package-lock indicate Node dependencies (pinyin-pro, jest) but no network-based install step is enforced by the SKILL metadata. Lack of an install spec reduces install-time risk.
Credentials
No environment variables, credentials, or config paths are requested. The code reads only bundled local files (data, templates, i18n).
Persistence & Privilege
Skill is not forced-always and can be invoked by the user/agent normally. The notable privilege is the ability to run a shell command (exec) to open a URL — this is not an elevated platform privilege but increases local side-effect capability and blast radius if the skill is compromised or data is tampered.
What to consider before installing
This skill mostly looks coherent with its purpose, but review these before installing: - Be aware that api/skill.js spawns a shell command (child_process.exec) to open the clinic URL on the host machine. If you do not want the skill to open your browser or run shell commands, avoid installing or remove/disable that code. - Inspect data/hospitals.json URLs: they will be opened by the skill. If the data source is tampered with, the skill could open arbitrary external links. - Confirm the template file referenced by core/renderer.js (templates/booking.tpl) is present and correct; missing template files will cause runtime errors. The repository manifest shown here does not clearly list that template, which is an implementation inconsistency to check. - Because the skill runs Node code, run it in a sandboxed environment (or with limited privileges) if you plan to install it on a machine with sensitive data. If you want to proceed safely: (1) remove or sandbox the setImmediate/exec block that opens URLs, (2) verify/whitelist the URL hosts in hospitals.json, and (3) run tests (if you trust the code) in an isolated environment first.
api/skill.js:17
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b8dvbaya923gtq2e9j92vhx83es4z
349downloads
0stars
33versions
Updated 1w ago
v2.1.0
MIT-0
@beautsgo
latest
Download

booking-skill

根据用户输入的医院名称,自动匹配医院并生成完整的 BeautsGO 平台预约流程说明。

功能

  • 支持中文名、英文名、拼音、首字母缩写、别名等多种方式匹配医院
  • 生成包含 App Store / Google Play / 微信小程序 / 微信公众号 / 网页端五大渠道的预约流程
  • 自动生成搜索关键词(中文名、英文名、拼音、首字母)
  • 支持多语言模板扩展

调用方式

输入示例:

{
  "query": "CNP皮肤科怎么预约",
  "lang": "zh"
}

输出: 渲染好的多渠道预约流程文本,直接展示给用户。

数据

医院数据存放在 data/hospitals.json,模板存放在 templates/booking.tpl,i18n 文本存放在 i18n/<lang>.json。新增医院只需在 hospitals.json 中添加记录,无需修改代码。

构建与静态生成

项目包含一个静态页面生成脚本 scripts/generate-md.js,用于生成 SEO 友好的静态医院页面:

npm run generate  # 生成所有医院的 Markdown 页面到 docs/clinics/

生成的页面位于 docs/clinics/ 目录,每页包含对应医院的完整预约流程,可直接用于网站部署或知识库构建。

Comments

Loading comments...