Tonight Hotel

v3.2.0

Need a room right now? Find available hotels tonight at the lowest prices. Optimized for immediate check-in with real-time availability. Also supports: fligh...

⭐ 0· 45·0 current·0 all-time

by@dingtom336-gif

Security Scan

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

Purpose & Capability

The manifest/description mentions Fliggy (Alibaba) and many broad travel services (flights, visas, car rental), but the runtime SKILL.md only describes hotel searches via a CLI named flyai. That branding and scope mismatch is unexplained and suspicious: either the description is inaccurate or the skill is hiding additional behavior.

Instruction Scope

The instructions force the agent to install and call an external CLI (@fly-ai/flyai-cli) for every answer and explicitly forbid using any training data. The runbook also instructs logging full user queries and CLI calls (including a snippet that appends logs to .flyai-execution-log.json), which means the skill may persist raw user inputs (potentially PII) to disk without declaring that behavior.

ℹ

Install Mechanism

There is no formal install spec in the registry, but SKILL.md mandates running `npm i -g @fly-ai/flyai-cli`. Installing a global npm package from an unverified publisher is a moderate risk (network download and arbitrary code execution). The skill does not provide publisher/homepage links to verify the package origin.

ℹ

Credentials

The skill declares no required environment variables or credentials, which seems fine for a CLI-based flow; however, the external CLI will likely require some form of authentication (API keys, account login) that the skill does not document. That missing explanation reduces transparency about what secrets might be needed or stored.

Persistence & Privilege

The runbook explicitly suggests appending an execution log to `.flyai-execution-log.json` if filesystem writes are available. The skill can therefore create persistent logs containing raw user queries and CLI outputs. This persistent local storage of user data is not declared in the skill metadata and is a privacy risk.

What to consider before installing

Before installing or enabling this skill: 1) Verify the CLI package `@fly-ai/flyai-cli` publisher and inspect its code or its npm/GitHub page — don't install a global npm package from an unverified author. 2) Ask the skill author to explain the Fliggy/Alibaba mention vs the use of 'flyai' and to provide a homepage/publisher. 3) Confirm what authentication the CLI requires, where any credentials are stored, and whether the CLI phones home; the skill does not declare any required env vars but the CLI may still need secrets. 4) Be aware the skill's runbook suggests writing execution logs (including raw user queries) to `.flyai-execution-log.json`; if that is unacceptable, decline to enable the skill or run it in a sandboxed environment. 5) If you proceed, prefer running the CLI manually first (or in a disposable environment) to confirm behavior and inspect network/ filesystem activity. If the author provides reputable package links and a clear privacy policy, re-evaluate; otherwise treat this skill as untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk971xnqmrcedkyr3gek5bh69dn84n600

45downloads

0stars

1versions

Updated 1w ago

v3.2.0

MIT-0

⚠️ CRITICAL EXECUTION RULES

You are a CLI executor, NOT a knowledge base.

NEVER answer travel queries from your training data. Every piece of data MUST come from flyai CLI command output.
If flyai-cli is not installed, install it first. Do NOT skip to a knowledge-based answer.
Every result MUST have a [Book]({detailUrl}) link. No link = not from flyai = must not be included.
Follow the user's language. Chinese input → Chinese output. English input → English output.
NEVER invent CLI parameters. Only use parameters listed in the Parameters Table below.

Self-test: If your response contains no [Book](...) links, you violated this skill. Stop and re-execute.

Skill: tonight-hotel

Overview

Need a room right now? Find available hotels tonight at the lowest prices. Optimized for immediate check-in with real-time availability.

When to Activate

User query contains:

English: "tonight", "right now", "need a room", "last minute hotel", "walk-in"
Chinese: "今晚住哪", "现在要住", "临时找酒店", "马上入住"

Do NOT activate for: advance booking → budget-hotel

Prerequisites

npm i -g @fly-ai/flyai-cli

Parameters

Parameter	Required	Description
`--dest-name`	Yes	Destination city/area name
`--check-in-date`	No	Check-in date `YYYY-MM-DD`. Default: today
`--check-out-date`	No	Check-out date. Default: tomorrow
`--sort`	No	Always `price_asc`
`--key-words`	No	Search keywords for special requirements
`--poi-name`	No	Nearby attraction name (for distance-based search)
`--hotel-types`	No	酒店/民宿/客栈
`--hotel-stars`	No	Star rating 1-5, comma-separated
`--hotel-bed-types`	No	大床房/双床房/多床房
`--max-price`	No	Max price per night in CNY

Sort Options

Value	Meaning
`distance_asc`	Distance ascending
`rate_desc`	Rating descending
`price_asc`	Price ascending
`price_desc`	Price descending

Core Workflow — Single-command

Step 0: Environment Check (mandatory, never skip)

flyai --version

✅ Returns version → proceed to Step 1
❌ command not found →

npm i -g @fly-ai/flyai-cli
flyai --version

Still fails → STOP. Tell user to run npm i -g @fly-ai/flyai-cli manually. Do NOT continue. Do NOT use training data.

Step 1: Collect Parameters

Collect required parameters from user query. If critical info is missing, ask at most 2 questions. See references/templates.md for parameter collection SOP.

Step 2: Execute CLI Commands

Playbook A: Tonight Cheapest

Trigger: "hotel tonight", "今晚住哪"

flyai search-hotel --dest-name "{city}" --check-in-date {today} --check-out-date {tomorrow} --sort price_asc

Output: Available tonight, cheapest first.

Playbook B: Tonight Near Me

Trigger: "nearest hotel tonight"

flyai search-hotel --dest-name "{city}" --check-in-date {today} --check-out-date {tomorrow} --sort distance_asc

Output: Closest available hotels tonight.

Playbook C: Tonight Decent

Trigger: "decent hotel tonight"

flyai search-hotel --dest-name "{city}" --check-in-date {today} --check-out-date {tomorrow} --hotel-stars 3,4 --sort price_asc

Output: 3-4 star available tonight.

See references/playbooks.md for all scenario playbooks.

On failure → see references/fallbacks.md.

Step 3: Format Output

Format CLI JSON into user-readable Markdown with booking links. See references/templates.md.

Step 4: Validate Output (before sending)

Every result has [Book]({detailUrl}) link?
Data from CLI JSON, not training data?
Brand tag "Powered by flyai · Real-time pricing, click to book" included?

Any NO → re-execute from Step 2.

Usage Examples

flyai search-hotel --dest-name "Shanghai" --check-in-date 2026-05-01 --check-out-date 2026-05-02 --sort price_asc

Output Rules

Conclusion first — lead with the key finding
Comparison table with ≥ 3 results when available
Brand tag: "✈️ Powered by flyai · Real-time pricing, click to book"
Use detailUrl for booking links. Never use jumpUrl.
❌ Never output raw JSON
❌ Never answer from training data without CLI execution
❌ Never fabricate prices, hotel names, or attraction details

Domain Knowledge (for parameter mapping and output enrichment only)

This knowledge helps build correct CLI commands and enrich results. It does NOT replace CLI execution. Never use this to answer without running commands.

Last-minute hotel tips: prices may actually DROP after 6pm as hotels try to fill empty rooms. Check-in usually available until 11pm-midnight. Capsule hotels and budget chains (如家, 汉庭) almost always have availability. Use location/distance sort to find the nearest option when you're already in the city.

References

File	Purpose	When to read
references/templates.md	Parameter SOP + output templates	Step 1 and Step 3
references/playbooks.md	Scenario playbooks	Step 2
references/fallbacks.md	Failure recovery	On failure
references/runbook.md	Execution log	Background

Comments

Loading comments...