ClawHub

Offline Airport Lounge Finder - Comparison Map

v1.3.24

Use this skill when you need offline or air-gapped access to the bundled Priority Pass lounge catalog. Trigger it for local lounge lookup, facility filtering...

0· 147·0 current·0 all-time
byGerald He@skylinehk

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for skylinehk/pp-lounge-map-offline.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Offline Airport Lounge Finder - Comparison Map" (skylinehk/pp-lounge-map-offline) from ClawHub.
Skill page: https://clawhub.ai/skylinehk/pp-lounge-map-offline
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required binaries: node, npm
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install pp-lounge-map-offline

ClawHub CLI

Package manager switcher

npx clawhub@latest install pp-lounge-map-offline
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match what is implemented: a local stdio MCP server that serves the bundled assets/catalog.json. Required binaries (node, npm) and the @modelcontextprotocol/sdk dependency are consistent with the stated MCP runtime.
Instruction Scope
SKILL.md explicitly constrains runtime to offline read-only use and shows commands to run the local server only. One important operator step (npm install) pulls packages from the network at install time; runtime code itself reads only bundled assets and exposes local MCP tools/resources. Reviewers should confirm that the runtime is not run with network access if an air-gapped environment is required.
Install Mechanism
Install uses npm to fetch @modelcontextprotocol/sdk (and zod per docs). Using npm is expected for a Node-based MCP server but has typical supply-chain risk: operator must run npm install (network) before using the bundle. No arbitrary URL downloads or extracted archives were found.
Credentials
The skill requests no environment variables, no credentials, and no special config paths. This is proportionate to an offline catalog reader.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not persist agent-wide configuration. It runs as a local process started by the operator.
Scan Findings in Context
[unicode-control-chars] unexpected: A prompt-injection pattern scanner flagged unicode control characters in SKILL.md. Nothing else in the code appears to perform injection or exfiltration, but hidden/control characters in guidance files can be used to try to influence parsers or LLMs. Manual inspection of the raw SKILL.md (and any transport of this file) is recommended to confirm there are no hidden characters.
Assessment
This bundle appears internally consistent for offline use, but take these precautions before installing: 1) Inspect the raw SKILL.md and other text files for hidden unicode/control characters (scanner flagged this). 2) Review package.json and any lockfile; run npm install in a controlled/isolated environment (air-gapped build host or sandbox) to reduce supply-chain risk. 3) Confirm you will start the server locally (node scripts/run-offline-mcp.mjs) and do not enable outbound network access at runtime if you need an air-gapped workflow. 4) Verify that assets/catalog.json contains only the expected static data. If you need higher assurance, ask the publisher for the package checksums or a signed release and/or run npm install using an allowlist or offline cache.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binsnode, npm

Install

Install MCP runtime dependencies (run npm install in bundle root)npm i -g @modelcontextprotocol/sdk
latestvk974p3svqzs8ah5f4zjwwn7q9583b6ex
147downloads
0stars
7versions
Updated 1mo ago
v1.3.24
MIT-0
Gerald He@skylinehk
latest
Download

Worldwide lounge map

Use this skill when the task is about the bundled offline lounge snapshot.

Security Scope (quick read)

  • Offline-only runtime: use bundled assets/catalog.json via local stdio MCP.
  • No outbound network calls are allowed for runtime behavior.
  • No API keys, tokens, or remote MCP endpoints are required.
  • If data is missing from the bundled snapshot, report that limitation explicitly.

Hosted destination (next release)

Runtime requirements

  • Node.js 20+ available on PATH (node).
  • Install package dependencies in the bundle root before running runtime scripts:
    • npm install
  • Required packages are declared in package.json (@modelcontextprotocol/sdk, zod).

Quick start

  1. Start the local stdio MCP server with node skills/pp-lounge-map-offline/scripts/run-offline-mcp.mjs.
  2. Prefer the local MCP tools and resources over direct file parsing.
  3. Keep answers grounded in the bundled snapshot only.

Safety boundary

  • This skill is local and read-only at runtime.
  • It must not use network access (except local process startup/dependency install done by operator).
  • It must not ask for API keys or secrets.
  • It must not reference sibling workbooks, remote MCP endpoints, or deploy workflows.
  • If the bundled snapshot does not contain the needed answer, say so instead of inventing newer data.

Available workflows

  • Airport-specific lounge lookup
  • Facility and type filtering
  • Offline lounge comparisons
  • Catalog metadata and filter introspection

Resources

Comments

Loading comments...