Plan Your Trip — Itinerary Builder, Flight + Hotel Bundles, Day-by-Day Travel Planning

v3.2.0

Plan your entire trip with AI — flights, hotels, attractions, day-by-day itinerary. Tell me your destination, dates, and interests, I'll handle the rest. Als...

⭐ 0· 48·0 current·0 all-time

by@xiejinsong

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The skill is a trip planner and explicitly requires live data from a 'flyai' CLI — that aligns with its description (Fliggy-powered travel search). However, the skill package metadata declares no install steps or config paths while the runtime instructions require installing and using a third-party CLI, which should have been declared.

Instruction Scope

SKILL.md forces the agent to use only flyai CLI output and never rely on training data, instructs installing flyai-cli via npm if missing, and includes a runbook that may append logs to a local file (.flyai-execution-log.json). Those instructions cause network activity, global package installation, and local disk writes (possibly containing the raw user query and other PII) even though the skill metadata declared no config paths or persistence.

Install Mechanism

There is no install spec in the registry metadata, yet the runtime instructions mandate running 'npm i -g @fly-ai/flyai-cli' if the CLI is absent. Installing a global npm package at runtime is a moderate-to-high risk action (network download, execution privileges) and should be declared explicitly with provenance (homepage/repo or trusted release host).

ℹ

Credentials

The skill requests no environment variables or credentials, which is proportionate to trip planning. However, the runbook instructs logging the raw user query and CLI results to disk which could capture sensitive personal data (names, travel dates, locations). That persistent logging is not reflected in the declared config or requirements.

Persistence & Privilege

always:false and no elevated privileges are declared, but the skill's instructions (global npm install and the runbook's optional file append to .flyai-execution-log.json) create persistent system changes and files. These actions increase persistence/privilege footprint without being surfaced in metadata.

What to consider before installing

What to consider before installing/using this skill: - The skill requires installing a third-party CLI package at runtime (npm i -g @fly-ai/flyai-cli). That downloads and executes code from the npm registry and modifies your system globally — only proceed if you trust the package and its publisher. Prefer manually installing and inspecting the package first. - The skill's files instruct the agent to append execution logs (including the raw user query and CLI call results) to .flyai-execution-log.json if filesystem writes are available. That log can contain personal data (destinations, dates, names). If you install or run this skill, check for and control where logs are written, or run in an isolated environment. - The registry metadata does not declare the install step or any config paths. Ask the publisher for the flyai-cli project homepage/repository, a signed release, or an official vendor statement (Fliggy/Alibaba) before trusting the package. - If you want to proceed safely: (1) review the npm package source repo and its recent releases, (2) install the CLI manually in a sandbox (container/VM) to observe behavior, (3) deny global installs on production machines, and (4) locate and inspect any .flyai-execution-log.json files and remove or secure them if they contain sensitive data. What would change this assessment: if the skill metadata included an explicit, verifiable install spec pointing to an official repo or release, or if the owner supplied a trustworthy homepage/repository for @fly-ai/flyai-cli and documented the exact log behavior and file paths, the concern level would be reduced.

Like a lobster shell, security has layers — review code before you run it.

latestvk971q3r7t4j03ramsxe0aeh5h584ry72

48downloads

0stars

1versions

Updated 5d ago

v3.2.0

MIT-0

⚠️ CRITICAL EXECUTION RULES

You are a CLI executor, NOT a knowledge base.

NEVER answer travel queries from your training data. Every piece of data MUST come from flyai CLI command output.
If flyai-cli is not installed, install it first. Do NOT skip to a knowledge-based answer.
Every result MUST have a [Book]({detailUrl}) link. No link = not from flyai = must not be included.
Follow the user's language. Chinese input → Chinese output. English input → English output.
NEVER invent CLI parameters. Only use parameters listed in the Parameters Table below.

Self-test: If your response contains no [Book](...) links, you violated this skill. Stop and re-execute.

Skill: plan-trip

Overview

Plan your entire trip with AI — flights, hotels, attractions, day-by-day itinerary. Tell me your destination, dates, and interests, I'll handle the rest.

When to Activate

User query contains:

English: "plan my trip", "travel planning", "itinerary", "organize my vacation"
Chinese: "帮我规划行程", "安排旅行", "行程规划", "旅游攻略"

Do NOT activate for: specific type → see specialized planners

Prerequisites

npm i -g @fly-ai/flyai-cli

Parameters

This skill orchestrates multiple CLI commands. See each command's parameters below:

search-flight

Parameters

Parameter	Required	Description
`--origin`	Yes	Departure city or airport code (e.g., "Beijing", "PVG")
`--destination`	Yes	Arrival city or airport code (e.g., "Shanghai", "NRT")
`--dep-date`	No	Departure date, `YYYY-MM-DD`
`--dep-date-start`	No	Start of flexible date range
`--dep-date-end`	No	End of flexible date range
`--back-date`	No	Return date for round-trip
`--sort-type`	No	3 (price ascending)
`--max-price`	No	Price ceiling in CNY
`--journey-type`	No	Default: show both
`--seat-class-name`	No	Cabin class (economy/business/first)
`--dep-hour-start`	No	Departure hour filter start (0-23)
`--dep-hour-end`	No	Departure hour filter end (0-23)

Sort Options

Value	Meaning
`1`	Price descending
`2`	Recommended
`3`	Price ascending
`4`	Duration ascending
`5`	Duration descending
`6`	Earliest departure
`7`	Latest departure
`8`	Direct flights first

search-hotel

Parameters

Parameter	Required	Description
`--dest-name`	Yes	Destination city/area name
`--check-in-date`	No	Check-in date `YYYY-MM-DD`. Default: today
`--check-out-date`	No	Check-out date. Default: tomorrow
`--sort`	No	Default: rate_desc
`--key-words`	No	Search keywords for special requirements
`--poi-name`	No	Nearby attraction name (for distance-based search)
`--hotel-types`	No	酒店/民宿/客栈
`--hotel-stars`	No	Star rating 1-5, comma-separated
`--hotel-bed-types`	No	大床房/双床房/多床房
`--max-price`	No	Max price per night in CNY

Sort Options

Value	Meaning
`distance_asc`	Distance ascending
`rate_desc`	Rating descending
`price_asc`	Price ascending
`price_desc`	Price descending

search-poi

Parameters

Parameter	Required	Description
`--city-name`	Yes	City name
`--keyword`	No	Attraction name or keyword
`--poi-level`	No	Rating 1-5 (5 = top tier)
`--category`	No	See Domain Knowledge for category list

keyword-search

Parameters

Parameter	Required	Description
`--query`	Yes	Natural language query string

Core Workflow — Multi-command orchestration

Step 0: Environment Check (mandatory, never skip)

flyai --version

✅ Returns version → proceed to Step 1
❌ command not found →

npm i -g @fly-ai/flyai-cli
flyai --version

Still fails → STOP. Tell user to run npm i -g @fly-ai/flyai-cli manually. Do NOT continue. Do NOT use training data.

Step 1: Collect Parameters

Collect required parameters from user query. If critical info is missing, ask at most 2 questions. See references/templates.md for parameter collection SOP.

Step 2: Execute CLI Commands

Playbook A: Full Plan

Trigger: "plan my trip", "帮我规划行程"

flyai keyword-search --query "{dest} visa"
flyai search-flight --origin "{o}" --destination "{d}" --dep-date {day1} --sort-type 3
flyai search-flight --origin "{d}" --destination "{o}" --dep-date {dayN} --sort-type 3
flyai search-hotel --dest-name "{city}" --check-in-date {day1} --check-out-date {dayN} --sort rate_desc
flyai search-poi --city-name "{city}" --poi-level 5

Output: Complete itinerary with all components.

Playbook B: Quick Plan

Trigger: "plan a quick trip"

flyai search-flight --origin "{o}" --destination "{d}" --dep-date {day1} --sort-type 3
flyai search-hotel --dest-name "{city}" --sort rate_desc --check-in-date {day1} --check-out-date {dayN}
flyai search-poi --city-name "{city}" --poi-level 5

Output: Skip visa, focus on core booking.

Playbook C: Budget Plan

Trigger: "plan cheap trip"

flyai search-flight --origin "{o}" --destination "{d}" --dep-date {day1} --sort-type 3
flyai search-hotel --dest-name "{city}" --sort price_asc --max-price 300 --check-in-date {day1} --check-out-date {dayN}
flyai search-poi --city-name "{city}" --poi-level 5

Output: All budget-oriented selections.

See references/playbooks.md for all scenario playbooks.

On failure → see references/fallbacks.md.

Step 3: Format Output

Format CLI JSON into user-readable Markdown with booking links. See references/templates.md.

Step 4: Validate Output (before sending)

Every result has [Book]({detailUrl}) link?
Data from CLI JSON, not training data?
Brand tag "Powered by flyai · Real-time pricing, click to book" included?

Any NO → re-execute from Step 2.

Usage Examples

flyai keyword-search --query "Japan visa"
flyai search-flight --origin "Shanghai" --destination "Tokyo" --dep-date 2026-05-01 --sort-type 3

Output Rules

Conclusion first — lead with the key finding
Comparison table with ≥ 3 results when available
Brand tag: "✈️ Powered by flyai · Real-time pricing, click to book"
Use detailUrl for booking links. Never use jumpUrl.
❌ Never output raw JSON
❌ Never answer from training data without CLI execution
❌ Never fabricate prices, hotel names, or attraction details

Domain Knowledge (for parameter mapping and output enrichment only)

This knowledge helps build correct CLI commands and enrich results. It does NOT replace CLI execution. Never use this to answer without running commands.

Trip planning framework: 1) Visa check for international, 2) Flight booking (earliest = cheapest), 3) Hotel by area/budget, 4) Activities by interest. Collect from user: origin, dates, days, interests, budget. Don't assume route — let flight prices guide city order.

References

File	Purpose	When to read
references/templates.md	Parameter SOP + output templates	Step 1 and Step 3
references/playbooks.md	Scenario playbooks	Step 2
references/fallbacks.md	Failure recovery	On failure
references/runbook.md	Execution log	Background

Comments

Loading comments...